Vulnerability-Lookup

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 ESM
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

CVE-2024-53129 (GCVE-0-2024-53129)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:20 – Updated: 2025-11-03 22:29

Title

drm/rockchip: vop: Fix a dereferenced before check warning

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check 'state' (see line 1077)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4e47b99a7764b23a4…
	https://git.kernel.org/stable/c/656dbd1c21c2c088c…
	https://git.kernel.org/stable/c/1e53059729691ca4d…
	https://git.kernel.org/stable/c/bbf8bc7e758639420…
	https://git.kernel.org/stable/c/ab1c793f457f740ab…

Impacted products

Vendor

Product

Version

Linux

Affected: 5ddb0bd4ddc35d9c9376d109398f84277bb8d25e , < 4e47b99a7764b23a431bff6a3f91dfe77d294765 (git)
Affected: 5ddb0bd4ddc35d9c9376d109398f84277bb8d25e , < 656dbd1c21c2c088c70059cdd43ec83e7d54ec4d (git)
Affected: 5ddb0bd4ddc35d9c9376d109398f84277bb8d25e , < 1e53059729691ca4d905118258b9fbd17d854174 (git)
Affected: 5ddb0bd4ddc35d9c9376d109398f84277bb8d25e , < bbf8bc7e75863942028131ae39c23118f62de6c0 (git)
Affected: 5ddb0bd4ddc35d9c9376d109398f84277bb8d25e , < ab1c793f457f740ab7108cc0b1340a402dbf484d (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:33.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/rockchip/rockchip_drm_vop.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4e47b99a7764b23a431bff6a3f91dfe77d294765",
              "status": "affected",
              "version": "5ddb0bd4ddc35d9c9376d109398f84277bb8d25e",
              "versionType": "git"
            },
            {
              "lessThan": "656dbd1c21c2c088c70059cdd43ec83e7d54ec4d",
              "status": "affected",
              "version": "5ddb0bd4ddc35d9c9376d109398f84277bb8d25e",
              "versionType": "git"
            },
            {
              "lessThan": "1e53059729691ca4d905118258b9fbd17d854174",
              "status": "affected",
              "version": "5ddb0bd4ddc35d9c9376d109398f84277bb8d25e",
              "versionType": "git"
            },
            {
              "lessThan": "bbf8bc7e75863942028131ae39c23118f62de6c0",
              "status": "affected",
              "version": "5ddb0bd4ddc35d9c9376d109398f84277bb8d25e",
              "versionType": "git"
            },
            {
              "lessThan": "ab1c793f457f740ab7108cc0b1340a402dbf484d",
              "status": "affected",
              "version": "5ddb0bd4ddc35d9c9376d109398f84277bb8d25e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/rockchip/rockchip_drm_vop.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: vop: Fix a dereferenced before check warning\n\nThe \u0027state\u0027 can\u0027t be NULL, we should check crtc_state.\n\nFix warning:\ndrivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096\nvop_plane_atomic_async_check() warn: variable dereferenced before check\n\u0027state\u0027 (see line 1077)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:46.135Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4e47b99a7764b23a431bff6a3f91dfe77d294765"
        },
        {
          "url": "https://git.kernel.org/stable/c/656dbd1c21c2c088c70059cdd43ec83e7d54ec4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e53059729691ca4d905118258b9fbd17d854174"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbf8bc7e75863942028131ae39c23118f62de6c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab1c793f457f740ab7108cc0b1340a402dbf484d"
        }
      ],
      "title": "drm/rockchip: vop: Fix a dereferenced before check warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53129",
    "datePublished": "2024-12-04T14:20:35.907Z",
    "dateReserved": "2024-11-19T17:17:24.995Z",
    "dateUpdated": "2025-11-03T22:29:33.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53130 (GCVE-0-2024-53130)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:20 – Updated: 2025-11-03 22:29

Title

nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above. Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer's uptodate flag.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7af3309c7a2ef2683…
	https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6…
	https://git.kernel.org/stable/c/0a5014ad37c77ac6a…
	https://git.kernel.org/stable/c/d904e4d845aafbcfd…
	https://git.kernel.org/stable/c/86b19031dbc79abc3…
	https://git.kernel.org/stable/c/b0e4765740040c440…
	https://git.kernel.org/stable/c/ffc440a76a0f476a7…
	https://git.kernel.org/stable/c/2026559a6c4ce34db…

Impacted products

Vendor

Product

Version

Linux

Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 7af3309c7a2ef26831a67125b11c34a7e01c1b2a (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 0ce59fb1c73fdd5b6028226aeb46259a0cdc0957 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 0a5014ad37c77ac6a2c525137c00a0e1724f6020 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < d904e4d845aafbcfd8a40c1df7d999f02f062be8 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 86b19031dbc79abc378dfae357f6ea33ebeb0c95 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < b0e4765740040c44039282057ecacd7435d1d2ba (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < ffc440a76a0f476a7e6ea838ec0dc8e9979944d1 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 2026559a6c4ce34db117d2db8f710fe2a9420d5a (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:34.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/btnode.c",
            "fs/nilfs2/gcinode.c",
            "fs/nilfs2/mdt.c",
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7af3309c7a2ef26831a67125b11c34a7e01c1b2a",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "0ce59fb1c73fdd5b6028226aeb46259a0cdc0957",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "0a5014ad37c77ac6a2c525137c00a0e1724f6020",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "d904e4d845aafbcfd8a40c1df7d999f02f062be8",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "86b19031dbc79abc378dfae357f6ea33ebeb0c95",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "b0e4765740040c44039282057ecacd7435d1d2ba",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "ffc440a76a0f476a7e6ea838ec0dc8e9979944d1",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "2026559a6c4ce34db117d2db8f710fe2a9420d5a",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/btnode.c",
            "fs/nilfs2/gcinode.c",
            "fs/nilfs2/mdt.c",
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh-\u003eb_bdev-\u003ebd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions.  However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh-\u003eb_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer\u0027s uptodate flag."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:47.552Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020"
        },
        {
          "url": "https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8"
        },
        {
          "url": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a"
        }
      ],
      "title": "nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53130",
    "datePublished": "2024-12-04T14:20:36.741Z",
    "dateReserved": "2024-11-19T17:17:24.995Z",
    "dateUpdated": "2025-11-03T22:29:34.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53194 (GCVE-0-2024-53194)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2025-11-03 20:47

Title

PCI: Fix use-after-free of slot->bus on hot remove

Summary

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot firmware"), USB4 v2 and v1 Host Routers are reset on probe of the thunderbolt driver. The reset clears the Presence Detect State and Data Link Layer Link Active bits at the USB4 Host Router's Root Port and thus causes hot removal of the dock. The crash occurs when pciehp is unbound from one of the dock's Downstream Ports: pciehp creates a pci_slot on bind and destroys it on unbind. The pci_slot contains a pointer to the pci_bus below the Downstream Port, but a reference on that pci_bus is never acquired. The pci_bus is destroyed before the pci_slot, so a use-after-free ensues when pci_slot_release() accesses slot->bus. In principle this should not happen because pci_stop_bus_device() unbinds pciehp (and therefore destroys the pci_slot) before the pci_bus is destroyed by pci_remove_bus_device(). However the stacktrace provided by Dennis shows that pciehp is unbound from pci_remove_bus_device() instead of pci_stop_bus_device(). To understand the significance of this, one needs to know that the PCI core uses a two step process to remove a portion of the hierarchy: It first unbinds all drivers in the sub-hierarchy in pci_stop_bus_device() and then actually removes the devices in pci_remove_bus_device(). There is no precaution to prevent driver binding in-between pci_stop_bus_device() and pci_remove_bus_device(). In Dennis' case, it seems removal of the hierarchy by pciehp races with driver binding by pci_bus_add_devices(). pciehp is bound to the Downstream Port after pci_stop_bus_device() has run, so it is unbound by pci_remove_bus_device() instead of pci_stop_bus_device(). Because the pci_bus has already been destroyed at that point, accesses to it result in a use-after-free. One might conclude that driver binding needs to be prevented after pci_stop_bus_device() has run. However it seems risky that pci_slot points to pci_bus without holding a reference. Solely relying on correct ordering of driver unbind versus pci_bus destruction is certainly not defensive programming. If pci_slot has a need to access data in pci_bus, it ought to acquire a reference. Amend pci_create_slot() accordingly. Dennis reports that the crash is not reproducible with this change. Abridged stacktrace: pcieport 0000:00:07.0: PME: Signaling with IRQ 156 pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ pci_bus 0000:20: dev 00, created physical slot 12 pcieport 0000:00:07.0: pciehp: Slot(12): Card not present ... pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0 Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1 RIP: 0010:dev_driver_string+0x12/0x40 pci_destroy_slot pciehp_remove pcie_port_remove_service device_release_driver_internal bus_remove_device device_del device_unregister remove_iter device_for_each_child pcie_portdrv_remove pci_device_remove device_release_driver_internal bus_remove_device device_del pci_remove_bus_device (recursive invocation) pci_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/50473dd3b2a08601a…
	https://git.kernel.org/stable/c/d0ddd2c92b75a19a3…
	https://git.kernel.org/stable/c/da6e6ff1f6c57f16e…
	https://git.kernel.org/stable/c/41bbb1eb996be1435…
	https://git.kernel.org/stable/c/20502f0b3f3acd6be…
	https://git.kernel.org/stable/c/e5d5c04aac71bf147…
	https://git.kernel.org/stable/c/c8266ab8e7ccd1d1f…
	https://git.kernel.org/stable/c/69d2ceac11acf8579…
	https://git.kernel.org/stable/c/c7acef99642b763ba…

Impacted products

Vendor

Product

Version

Linux

Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 50473dd3b2a08601a078f852ea05572de9b1f86c (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < d0ddd2c92b75a19a37c887154223372b600fed37 (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < da6e6ff1f6c57f16e07af955e0e997fc90dd1e75 (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 41bbb1eb996be1435815aa1fbcc9ffc45b84cc12 (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 20502f0b3f3acd6bee300257556c27a867f80c8b (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < e5d5c04aac71bf1476dc44b56f2206a4c2facca8 (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < c8266ab8e7ccd1d1f5a9c8b29eb2020175048134 (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 69d2ceac11acf8579d58d55c9c5b65fb658f916e (git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < c7acef99642b763ba585f4a43af999fcdbcc3dc4 (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53194",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:43:25.841090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:26.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:25.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/slot.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "50473dd3b2a08601a078f852ea05572de9b1f86c",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "d0ddd2c92b75a19a37c887154223372b600fed37",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "da6e6ff1f6c57f16e07af955e0e997fc90dd1e75",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "41bbb1eb996be1435815aa1fbcc9ffc45b84cc12",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "20502f0b3f3acd6bee300257556c27a867f80c8b",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "e5d5c04aac71bf1476dc44b56f2206a4c2facca8",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "c8266ab8e7ccd1d1f5a9c8b29eb2020175048134",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "69d2ceac11acf8579d58d55c9c5b65fb658f916e",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            },
            {
              "lessThan": "c7acef99642b763ba585f4a43af999fcdbcc3dc4",
              "status": "affected",
              "version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/slot.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix use-after-free of slot-\u003ebus on hot remove\n\nDennis reports a boot crash on recent Lenovo laptops with a USB4 dock.\n\nSince commit 0fc70886569c (\"thunderbolt: Reset USB4 v2 host router\") and\ncommit 59a54c5f3dbd (\"thunderbolt: Reset topology created by the boot\nfirmware\"), USB4 v2 and v1 Host Routers are reset on probe of the\nthunderbolt driver.\n\nThe reset clears the Presence Detect State and Data Link Layer Link Active\nbits at the USB4 Host Router\u0027s Root Port and thus causes hot removal of the\ndock.\n\nThe crash occurs when pciehp is unbound from one of the dock\u0027s Downstream\nPorts:  pciehp creates a pci_slot on bind and destroys it on unbind.  The\npci_slot contains a pointer to the pci_bus below the Downstream Port, but\na reference on that pci_bus is never acquired.  The pci_bus is destroyed\nbefore the pci_slot, so a use-after-free ensues when pci_slot_release()\naccesses slot-\u003ebus.\n\nIn principle this should not happen because pci_stop_bus_device() unbinds\npciehp (and therefore destroys the pci_slot) before the pci_bus is\ndestroyed by pci_remove_bus_device().\n\nHowever the stacktrace provided by Dennis shows that pciehp is unbound from\npci_remove_bus_device() instead of pci_stop_bus_device().  To understand\nthe significance of this, one needs to know that the PCI core uses a two\nstep process to remove a portion of the hierarchy:  It first unbinds all\ndrivers in the sub-hierarchy in pci_stop_bus_device() and then actually\nremoves the devices in pci_remove_bus_device().  There is no precaution to\nprevent driver binding in-between pci_stop_bus_device() and\npci_remove_bus_device().\n\nIn Dennis\u0027 case, it seems removal of the hierarchy by pciehp races with\ndriver binding by pci_bus_add_devices().  pciehp is bound to the\nDownstream Port after pci_stop_bus_device() has run, so it is unbound by\npci_remove_bus_device() instead of pci_stop_bus_device().  Because the\npci_bus has already been destroyed at that point, accesses to it result in\na use-after-free.\n\nOne might conclude that driver binding needs to be prevented after\npci_stop_bus_device() has run.  However it seems risky that pci_slot points\nto pci_bus without holding a reference.  Solely relying on correct ordering\nof driver unbind versus pci_bus destruction is certainly not defensive\nprogramming.\n\nIf pci_slot has a need to access data in pci_bus, it ought to acquire a\nreference.  Amend pci_create_slot() accordingly.  Dennis reports that the\ncrash is not reproducible with this change.\n\nAbridged stacktrace:\n\n  pcieport 0000:00:07.0: PME: Signaling with IRQ 156\n  pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+\n  pci_bus 0000:20: dev 00, created physical slot 12\n  pcieport 0000:00:07.0: pciehp: Slot(12): Card not present\n  ...\n  pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0\n  Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1\n  RIP: 0010:dev_driver_string+0x12/0x40\n  pci_destroy_slot\n  pciehp_remove\n  pcie_port_remove_service\n  device_release_driver_internal\n  bus_remove_device\n  device_del\n  device_unregister\n  remove_iter\n  device_for_each_child\n  pcie_portdrv_remove\n  pci_device_remove\n  device_release_driver_internal\n  bus_remove_device\n  device_del\n  pci_remove_bus_device (recursive invocation)\n  pci_remove_bus_device\n  pciehp_unconfigure_device\n  pciehp_disable_slot\n  pciehp_handle_presence_or_link_change\n  pciehp_ist"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-11T16:59:20.646Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/50473dd3b2a08601a078f852ea05572de9b1f86c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0ddd2c92b75a19a37c887154223372b600fed37"
        },
        {
          "url": "https://git.kernel.org/stable/c/da6e6ff1f6c57f16e07af955e0e997fc90dd1e75"
        },
        {
          "url": "https://git.kernel.org/stable/c/41bbb1eb996be1435815aa1fbcc9ffc45b84cc12"
        },
        {
          "url": "https://git.kernel.org/stable/c/20502f0b3f3acd6bee300257556c27a867f80c8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5d5c04aac71bf1476dc44b56f2206a4c2facca8"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8266ab8e7ccd1d1f5a9c8b29eb2020175048134"
        },
        {
          "url": "https://git.kernel.org/stable/c/69d2ceac11acf8579d58d55c9c5b65fb658f916e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7acef99642b763ba585f4a43af999fcdbcc3dc4"
        }
      ],
      "title": "PCI: Fix use-after-free of slot-\u003ebus on hot remove",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53194",
    "datePublished": "2024-12-27T13:49:36.534Z",
    "dateReserved": "2024-11-19T17:17:25.014Z",
    "dateUpdated": "2025-11-03T20:47:25.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56610 (GCVE-0-2024-56610)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:50

Title

kcsan: Turn report_filterlist_lock into a raw_spinlock

Summary

In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn report_filterlist_lock into a raw_spinlock Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 10002, expected: 0 | RCU nest depth: 0, expected: 0 | no locks held by swapper/1/0. | irq event stamp: 156674 | hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240 | hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0 | softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60 | softirqs last disabled at (0): [<0000000000000000>] 0x0 | Preemption disabled at: | [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90 | CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014 | Call Trace: | <IRQ> | dump_stack_lvl+0x7e/0xc0 | dump_stack+0x1d/0x30 | __might_resched+0x1a2/0x270 | rt_spin_lock+0x68/0x170 | kcsan_skip_report_debugfs+0x43/0xe0 | print_report+0xb5/0x590 | kcsan_report_known_origin+0x1b1/0x1d0 | kcsan_setup_watchpoint+0x348/0x650 | __tsan_unaligned_write1+0x16d/0x1d0 | hrtimer_interrupt+0x3d6/0x430 | __sysvec_apic_timer_interrupt+0xe8/0x3a0 | sysvec_apic_timer_interrupt+0x97/0xc0 | </IRQ> On a detected data race, KCSAN's reporting logic checks if it should filter the report. That list is protected by the report_filterlist_lock *non-raw* spinlock which may sleep on RT kernels. Since KCSAN may report data races in any context, convert it to a raw_spinlock. This requires being careful about when to allocate memory for the filter list itself which can be done via KCSAN's debugfs interface. Concurrent modification of the filter list via debugfs should be rare: the chosen strategy is to optimistically pre-allocate memory before the critical section and discard if unused.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f4f2ef66d288ea796…
	https://git.kernel.org/stable/c/ea6588abcc15d68fd…
	https://git.kernel.org/stable/c/0ab4951c1473c7d1c…
	https://git.kernel.org/stable/c/dca4e74a918586913…
	https://git.kernel.org/stable/c/889a0d3a35fdedba1…
	https://git.kernel.org/stable/c/59458fa4ddb47e789…

Impacted products

Vendor

Product

Version

Linux

Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < ea6588abcc15d68fdeae777ffe3dd74c02eab407 (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < 0ab4951c1473c7d1ceaf1232eb927109cd1c4859 (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < dca4e74a918586913d251c0b359e8cc96a3883ea (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < 889a0d3a35fdedba1c5dcb6410c95c32421680ec (git)
Affected: dfd402a4c4baae42398ce9180ff424d589b8bffc , < 59458fa4ddb47e7891c61b4a928d13d5f5b00aa0 (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:58.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/kcsan/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "ea6588abcc15d68fdeae777ffe3dd74c02eab407",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "0ab4951c1473c7d1ceaf1232eb927109cd1c4859",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "dca4e74a918586913d251c0b359e8cc96a3883ea",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "889a0d3a35fdedba1c5dcb6410c95c32421680ec",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            },
            {
              "lessThan": "59458fa4ddb47e7891c61b4a928d13d5f5b00aa0",
              "status": "affected",
              "version": "dfd402a4c4baae42398ce9180ff424d589b8bffc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/kcsan/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcsan: Turn report_filterlist_lock into a raw_spinlock\n\nRan Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see\nsplats like:\n\n| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n| preempt_count: 10002, expected: 0\n| RCU nest depth: 0, expected: 0\n| no locks held by swapper/1/0.\n| irq event stamp: 156674\n| hardirqs last  enabled at (156673): [\u003cffffffff81130bd9\u003e] do_idle+0x1f9/0x240\n| hardirqs last disabled at (156674): [\u003cffffffff82254f84\u003e] sysvec_apic_timer_interrupt+0x14/0xc0\n| softirqs last  enabled at (0): [\u003cffffffff81099f47\u003e] copy_process+0xfc7/0x4b60\n| softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n| Preemption disabled at:\n| [\u003cffffffff814a3e2a\u003e] paint_ptr+0x2a/0x90\n| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3\n| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014\n| Call Trace:\n|  \u003cIRQ\u003e\n|  dump_stack_lvl+0x7e/0xc0\n|  dump_stack+0x1d/0x30\n|  __might_resched+0x1a2/0x270\n|  rt_spin_lock+0x68/0x170\n|  kcsan_skip_report_debugfs+0x43/0xe0\n|  print_report+0xb5/0x590\n|  kcsan_report_known_origin+0x1b1/0x1d0\n|  kcsan_setup_watchpoint+0x348/0x650\n|  __tsan_unaligned_write1+0x16d/0x1d0\n|  hrtimer_interrupt+0x3d6/0x430\n|  __sysvec_apic_timer_interrupt+0xe8/0x3a0\n|  sysvec_apic_timer_interrupt+0x97/0xc0\n|  \u003c/IRQ\u003e\n\nOn a detected data race, KCSAN\u0027s reporting logic checks if it should\nfilter the report. That list is protected by the report_filterlist_lock\n*non-raw* spinlock which may sleep on RT kernels.\n\nSince KCSAN may report data races in any context, convert it to a\nraw_spinlock.\n\nThis requires being careful about when to allocate memory for the filter\nlist itself which can be done via KCSAN\u0027s debugfs interface. Concurrent\nmodification of the filter list via debugfs should be rare: the chosen\nstrategy is to optimistically pre-allocate memory before the critical\nsection and discard if unused."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:59:47.459Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea6588abcc15d68fdeae777ffe3dd74c02eab407"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ab4951c1473c7d1ceaf1232eb927109cd1c4859"
        },
        {
          "url": "https://git.kernel.org/stable/c/dca4e74a918586913d251c0b359e8cc96a3883ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/889a0d3a35fdedba1c5dcb6410c95c32421680ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/59458fa4ddb47e7891c61b4a928d13d5f5b00aa0"
        }
      ],
      "title": "kcsan: Turn report_filterlist_lock into a raw_spinlock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56610",
    "datePublished": "2024-12-27T14:51:15.305Z",
    "dateReserved": "2024-12-27T14:03:06.013Z",
    "dateUpdated": "2025-11-03T20:50:58.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57908 (GCVE-0-2024-57908)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

iio: imu: kmx61: fix information leak in triggered buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0871eb8d700b33dd7…
	https://git.kernel.org/stable/c/a386d9d2dc6635f2e…
	https://git.kernel.org/stable/c/a07f698084412a3ef…
	https://git.kernel.org/stable/c/6985ba4467e4b15b8…
	https://git.kernel.org/stable/c/cde312e257b59ecaa…
	https://git.kernel.org/stable/c/565814cbbaa674d29…
	https://git.kernel.org/stable/c/6ae053113f6a226a2…

Impacted products

Vendor

Product

Version

Linux

Affected: c3a23ecc0901f624b681bbfbc4829766c5aa3070 , < 0871eb8d700b33dd7fa86c80630d62ddaef58c2c (git)
Affected: c3a23ecc0901f624b681bbfbc4829766c5aa3070 , < a386d9d2dc6635f2ec210b8199cfb3acf4d31305 (git)
Affected: c3a23ecc0901f624b681bbfbc4829766c5aa3070 , < a07f698084412a3ef5e950fcac1d6b0f53289efd (git)
Affected: c3a23ecc0901f624b681bbfbc4829766c5aa3070 , < 6985ba4467e4b15b809043fa7740d1fb23a1897b (git)
Affected: c3a23ecc0901f624b681bbfbc4829766c5aa3070 , < cde312e257b59ecaa0fad3af9ec7e2370bb24639 (git)
Affected: c3a23ecc0901f624b681bbfbc4829766c5aa3070 , < 565814cbbaa674d2901428796801de49a611e59d (git)
Affected: c3a23ecc0901f624b681bbfbc4829766c5aa3070 , < 6ae053113f6a226a2303caa4936a4c37f3bfff7b (git)

Linux

Affected: 4.0
Unaffected: 0 , < 4.0 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:53:36.338739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:16.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:36.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/imu/kmx61.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0871eb8d700b33dd7fa86c80630d62ddaef58c2c",
              "status": "affected",
              "version": "c3a23ecc0901f624b681bbfbc4829766c5aa3070",
              "versionType": "git"
            },
            {
              "lessThan": "a386d9d2dc6635f2ec210b8199cfb3acf4d31305",
              "status": "affected",
              "version": "c3a23ecc0901f624b681bbfbc4829766c5aa3070",
              "versionType": "git"
            },
            {
              "lessThan": "a07f698084412a3ef5e950fcac1d6b0f53289efd",
              "status": "affected",
              "version": "c3a23ecc0901f624b681bbfbc4829766c5aa3070",
              "versionType": "git"
            },
            {
              "lessThan": "6985ba4467e4b15b809043fa7740d1fb23a1897b",
              "status": "affected",
              "version": "c3a23ecc0901f624b681bbfbc4829766c5aa3070",
              "versionType": "git"
            },
            {
              "lessThan": "cde312e257b59ecaa0fad3af9ec7e2370bb24639",
              "status": "affected",
              "version": "c3a23ecc0901f624b681bbfbc4829766c5aa3070",
              "versionType": "git"
            },
            {
              "lessThan": "565814cbbaa674d2901428796801de49a611e59d",
              "status": "affected",
              "version": "c3a23ecc0901f624b681bbfbc4829766c5aa3070",
              "versionType": "git"
            },
            {
              "lessThan": "6ae053113f6a226a2303caa4936a4c37f3bfff7b",
              "status": "affected",
              "version": "c3a23ecc0901f624b681bbfbc4829766c5aa3070",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/imu/kmx61.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "lessThan": "4.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: kmx61: fix information leak in triggered buffer\n\nThe \u0027buffer\u0027 local array is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:24.304Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0871eb8d700b33dd7fa86c80630d62ddaef58c2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a386d9d2dc6635f2ec210b8199cfb3acf4d31305"
        },
        {
          "url": "https://git.kernel.org/stable/c/a07f698084412a3ef5e950fcac1d6b0f53289efd"
        },
        {
          "url": "https://git.kernel.org/stable/c/6985ba4467e4b15b809043fa7740d1fb23a1897b"
        },
        {
          "url": "https://git.kernel.org/stable/c/cde312e257b59ecaa0fad3af9ec7e2370bb24639"
        },
        {
          "url": "https://git.kernel.org/stable/c/565814cbbaa674d2901428796801de49a611e59d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ae053113f6a226a2303caa4936a4c37f3bfff7b"
        }
      ],
      "title": "iio: imu: kmx61: fix information leak in triggered buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57908",
    "datePublished": "2025-01-19T11:52:31.714Z",
    "dateReserved": "2025-01-19T11:50:08.373Z",
    "dateUpdated": "2025-11-03T20:55:36.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21692 (GCVE-0-2025-21692)

Vulnerability from cvelistv5 – Published: 2025-02-10 15:58 – Updated: 2025-11-03 20:59

Title

net: sched: fix ets qdisc OOB Indexing

Summary

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. The overflow may cause local privilege escalation. [ 18.852298] ------------[ cut here ]------------ [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20 [ 18.853743] index 18446744073709551615 is out of range for type 'ets_class [16]' [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17 [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 18.856532] Call Trace: [ 18.857441] <TASK> [ 18.858227] dump_stack_lvl+0xc2/0xf0 [ 18.859607] dump_stack+0x10/0x20 [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0 [ 18.864022] ets_class_change+0x3d6/0x3f0 [ 18.864322] tc_ctl_tclass+0x251/0x910 [ 18.864587] ? lock_acquire+0x5e/0x140 [ 18.865113] ? __mutex_lock+0x9c/0xe70 [ 18.866009] ? __mutex_lock+0xa34/0xe70 [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0 [ 18.866806] ? __lock_acquire+0x578/0xc10 [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 18.867503] netlink_rcv_skb+0x59/0x110 [ 18.867776] rtnetlink_rcv+0x15/0x30 [ 18.868159] netlink_unicast+0x1c3/0x2b0 [ 18.868440] netlink_sendmsg+0x239/0x4b0 [ 18.868721] ____sys_sendmsg+0x3e2/0x410 [ 18.869012] ___sys_sendmsg+0x88/0xe0 [ 18.869276] ? rseq_ip_fixup+0x198/0x260 [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190 [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0 [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220 [ 18.870547] ? do_syscall_64+0x93/0x150 [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290 [ 18.871157] __sys_sendmsg+0x69/0xd0 [ 18.871416] __x64_sys_sendmsg+0x1d/0x30 [ 18.871699] x64_sys_call+0x9e2/0x2670 [ 18.871979] do_syscall_64+0x87/0x150 [ 18.873280] ? do_syscall_64+0x93/0x150 [ 18.874742] ? lock_release+0x7b/0x160 [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0 [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210 [ 18.879608] ? irqentry_exit+0x77/0xb0 [ 18.879808] ? clear_bhb_loop+0x15/0x70 [ 18.880023] ? clear_bhb_loop+0x15/0x70 [ 18.880223] ? clear_bhb_loop+0x15/0x70 [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 18.880683] RIP: 0033:0x44a957 [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10 [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957 [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003 [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0 [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001 [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001 [ 18.888395] </TASK> [ 18.888610] ---[ end trace ]---

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-129 - Improper Validation of Array Index

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/03c56665dab1f4ac8…
	https://git.kernel.org/stable/c/bcf0d815e728a3a30…
	https://git.kernel.org/stable/c/1332c6ed446be787f…
	https://git.kernel.org/stable/c/f4168299e553f17aa…
	https://git.kernel.org/stable/c/997f6ec4208b23c87…
	https://git.kernel.org/stable/c/f6b0f05fbfa4044f8…
	https://git.kernel.org/stable/c/d62b04fca4340a0d4…

Impacted products

Vendor

Product

Version

Linux

Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 03c56665dab1f4ac844bc156652d50d639093fa5 (git)
Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < bcf0d815e728a3a304b50455b32a3170c16e1eaa (git)
Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 1332c6ed446be787f901ed1064ec6a3c694f028a (git)
Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < f4168299e553f17aa2ba4016e77a9c38da40eb1d (git)
Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < 997f6ec4208b23c87daf9f044689685f091826f7 (git)
Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < f6b0f05fbfa4044f890e8a348288c0d9a20bd1d0 (git)
Affected: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 , < d62b04fca4340a0d468d7853bd66e511935a18cb (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.178 , ≤ 5.15.* (semver)
Unaffected: 6.1.128 , ≤ 6.1.* (semver)
Unaffected: 6.6.75 , ≤ 6.6.* (semver)
Unaffected: 6.12.12 , ≤ 6.12.* (semver)
Unaffected: 6.13.1 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21692",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:51:24.646401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-129",
                "description": "CWE-129 Improper Validation of Array Index",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:10.054Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:59:14.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_ets.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "03c56665dab1f4ac844bc156652d50d639093fa5",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "bcf0d815e728a3a304b50455b32a3170c16e1eaa",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "1332c6ed446be787f901ed1064ec6a3c694f028a",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "f4168299e553f17aa2ba4016e77a9c38da40eb1d",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "997f6ec4208b23c87daf9f044689685f091826f7",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "f6b0f05fbfa4044f890e8a348288c0d9a20bd1d0",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "d62b04fca4340a0d468d7853bd66e511935a18cb",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_ets.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.178",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.128",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.75",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.12",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.1",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [   18.852298] ------------[ cut here ]------------\n [   18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [   18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [   18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [   18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [   18.856532] Call Trace:\n [   18.857441]  \u003cTASK\u003e\n [   18.858227]  dump_stack_lvl+0xc2/0xf0\n [   18.859607]  dump_stack+0x10/0x20\n [   18.860908]  __ubsan_handle_out_of_bounds+0xa7/0xf0\n [   18.864022]  ets_class_change+0x3d6/0x3f0\n [   18.864322]  tc_ctl_tclass+0x251/0x910\n [   18.864587]  ? lock_acquire+0x5e/0x140\n [   18.865113]  ? __mutex_lock+0x9c/0xe70\n [   18.866009]  ? __mutex_lock+0xa34/0xe70\n [   18.866401]  rtnetlink_rcv_msg+0x170/0x6f0\n [   18.866806]  ? __lock_acquire+0x578/0xc10\n [   18.867184]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [   18.867503]  netlink_rcv_skb+0x59/0x110\n [   18.867776]  rtnetlink_rcv+0x15/0x30\n [   18.868159]  netlink_unicast+0x1c3/0x2b0\n [   18.868440]  netlink_sendmsg+0x239/0x4b0\n [   18.868721]  ____sys_sendmsg+0x3e2/0x410\n [   18.869012]  ___sys_sendmsg+0x88/0xe0\n [   18.869276]  ? rseq_ip_fixup+0x198/0x260\n [   18.869563]  ? rseq_update_cpu_node_id+0x10a/0x190\n [   18.869900]  ? trace_hardirqs_off+0x5a/0xd0\n [   18.870196]  ? syscall_exit_to_user_mode+0xcc/0x220\n [   18.870547]  ? do_syscall_64+0x93/0x150\n [   18.870821]  ? __memcg_slab_free_hook+0x69/0x290\n [   18.871157]  __sys_sendmsg+0x69/0xd0\n [   18.871416]  __x64_sys_sendmsg+0x1d/0x30\n [   18.871699]  x64_sys_call+0x9e2/0x2670\n [   18.871979]  do_syscall_64+0x87/0x150\n [   18.873280]  ? do_syscall_64+0x93/0x150\n [   18.874742]  ? lock_release+0x7b/0x160\n [   18.876157]  ? do_user_addr_fault+0x5ce/0x8f0\n [   18.877833]  ? irqentry_exit_to_user_mode+0xc2/0x210\n [   18.879608]  ? irqentry_exit+0x77/0xb0\n [   18.879808]  ? clear_bhb_loop+0x15/0x70\n [   18.880023]  ? clear_bhb_loop+0x15/0x70\n [   18.880223]  ? clear_bhb_loop+0x15/0x70\n [   18.880426]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [   18.880683] RIP: 0033:0x44a957\n [   18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [   18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [   18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [   18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [   18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [   18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [   18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [   18.888395]  \u003c/TASK\u003e\n [   18.888610] ---[ end trace ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:19:09.132Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/03c56665dab1f4ac844bc156652d50d639093fa5"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcf0d815e728a3a304b50455b32a3170c16e1eaa"
        },
        {
          "url": "https://git.kernel.org/stable/c/1332c6ed446be787f901ed1064ec6a3c694f028a"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4168299e553f17aa2ba4016e77a9c38da40eb1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/997f6ec4208b23c87daf9f044689685f091826f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6b0f05fbfa4044f890e8a348288c0d9a20bd1d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/d62b04fca4340a0d468d7853bd66e511935a18cb"
        }
      ],
      "title": "net: sched: fix ets qdisc OOB Indexing",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21692",
    "datePublished": "2025-02-10T15:58:48.087Z",
    "dateReserved": "2024-12-29T08:45:45.742Z",
    "dateUpdated": "2025-11-03T20:59:14.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56626 (GCVE-0-2024-56626)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1aea5c9470be2c712…
	https://git.kernel.org/stable/c/8cd7490fc0f268883…
	https://git.kernel.org/stable/c/164d3597d26d9acff…
	https://git.kernel.org/stable/c/c5797f195c67132d0…
	https://git.kernel.org/stable/c/313dab082289e4603…

Impacted products

Vendor

Product

Version

Linux

Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 1aea5c9470be2c7129704fb1b9562b1e3e0576f8 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 8cd7490fc0f268883e86e840cda5311257af69ca (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 164d3597d26d9acff5d5b8bc3208bdcca942dd6a (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < c5797f195c67132d061d29c57a7c6d30530686f0 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 313dab082289e460391c82d855430ec8a28ddf81 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56626",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:52.752066Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:12.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:15.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1aea5c9470be2c7129704fb1b9562b1e3e0576f8",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "8cd7490fc0f268883e86e840cda5311257af69ca",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "164d3597d26d9acff5d5b8bc3208bdcca942dd6a",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "c5797f195c67132d061d29c57a7c6d30530686f0",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "313dab082289e460391c82d855430ec8a28ddf81",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write\n\nAn offset from client could be a negative value, It could allows\nto write data outside the bounds of the allocated buffer.\nNote that this issue is coming when setting\n\u0027vfs objects = streams_xattr parameter\u0027 in ksmbd.conf."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:16.260Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1aea5c9470be2c7129704fb1b9562b1e3e0576f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cd7490fc0f268883e86e840cda5311257af69ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/164d3597d26d9acff5d5b8bc3208bdcca942dd6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5797f195c67132d061d29c57a7c6d30530686f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/313dab082289e460391c82d855430ec8a28ddf81"
        }
      ],
      "title": "ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56626",
    "datePublished": "2024-12-27T14:51:29.078Z",
    "dateReserved": "2024-12-27T14:03:06.017Z",
    "dateUpdated": "2025-11-03T20:51:15.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56698 (GCVE-0-2024-56698)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

usb: dwc3: gadget: Fix looping of queued SG entries

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8ceb21d76426bbe70…
	https://git.kernel.org/stable/c/0247da93bf62d3330…
	https://git.kernel.org/stable/c/c9e72352a10ae89a4…
	https://git.kernel.org/stable/c/1534f6f69393aac77…
	https://git.kernel.org/stable/c/b7c3d0b59213ebeed…
	https://git.kernel.org/stable/c/70777a23a54e359cf…
	https://git.kernel.org/stable/c/b7fc65f5141c24785…

Impacted products

Vendor

Product

Version

Linux

Affected: c96e6725db9d6a04ac1bee881e3034b636d9f71c , < 8ceb21d76426bbe7072cc3e43281e70c0d664cc7 (git)
Affected: c96e6725db9d6a04ac1bee881e3034b636d9f71c , < 0247da93bf62d33304b7bf97850ebf2a86e06d28 (git)
Affected: c96e6725db9d6a04ac1bee881e3034b636d9f71c , < c9e72352a10ae89a430449f7bfeb043e75c255d9 (git)
Affected: c96e6725db9d6a04ac1bee881e3034b636d9f71c , < 1534f6f69393aac773465d80d31801b554352627 (git)
Affected: c96e6725db9d6a04ac1bee881e3034b636d9f71c , < b7c3d0b59213ebeedff63d128728ce0b3d7a51ec (git)
Affected: c96e6725db9d6a04ac1bee881e3034b636d9f71c , < 70777a23a54e359cfdfafc625a57cd56434f3859 (git)
Affected: c96e6725db9d6a04ac1bee881e3034b636d9f71c , < b7fc65f5141c24785dc8c19249ca4efcf71b3524 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56698",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:58:57.794637Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:07.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:46.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/gadget.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8ceb21d76426bbe7072cc3e43281e70c0d664cc7",
              "status": "affected",
              "version": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
              "versionType": "git"
            },
            {
              "lessThan": "0247da93bf62d33304b7bf97850ebf2a86e06d28",
              "status": "affected",
              "version": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
              "versionType": "git"
            },
            {
              "lessThan": "c9e72352a10ae89a430449f7bfeb043e75c255d9",
              "status": "affected",
              "version": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
              "versionType": "git"
            },
            {
              "lessThan": "1534f6f69393aac773465d80d31801b554352627",
              "status": "affected",
              "version": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
              "versionType": "git"
            },
            {
              "lessThan": "b7c3d0b59213ebeedff63d128728ce0b3d7a51ec",
              "status": "affected",
              "version": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
              "versionType": "git"
            },
            {
              "lessThan": "70777a23a54e359cfdfafc625a57cd56434f3859",
              "status": "affected",
              "version": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
              "versionType": "git"
            },
            {
              "lessThan": "b7fc65f5141c24785dc8c19249ca4efcf71b3524",
              "status": "affected",
              "version": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/gadget.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix looping of queued SG entries\n\nThe dwc3_request-\u003enum_queued_sgs is decremented on completion. If a\npartially completed request is handled, then the\ndwc3_request-\u003enum_queued_sgs no longer reflects the total number of\nnum_queued_sgs (it would be cleared).\n\nCorrectly check the number of request SG entries remained to be prepare\nand queued. Failure to do this may cause null pointer dereference when\naccessing non-existent SG entry."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:44.077Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28"
        },
        {
          "url": "https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524"
        }
      ],
      "title": "usb: dwc3: gadget: Fix looping of queued SG entries",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56698",
    "datePublished": "2024-12-28T09:46:21.363Z",
    "dateReserved": "2024-12-27T15:00:39.850Z",
    "dateUpdated": "2025-11-03T20:52:46.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53063 (GCVE-0-2024-53063)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:22 – Updated: 2025-11-03 22:28

Title

media: dvbdev: prevent the risk of out of memory access

Summary

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already did the needed checks. This can be fragile if some device ends using different calls. This also generate warnings on static check analysers like Coverity. So, add explicit guards to prevent potential risk of OOM issues.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fedfde9deb83ac8d2…
	https://git.kernel.org/stable/c/3b88675e18b651704…
	https://git.kernel.org/stable/c/a4a17210c03ade1c8…
	https://git.kernel.org/stable/c/5f76f7df14861e3a5…
	https://git.kernel.org/stable/c/b751a96025275c17f…
	https://git.kernel.org/stable/c/1e461672616b726f2…
	https://git.kernel.org/stable/c/9c17085fabbde2041…
	https://git.kernel.org/stable/c/972e63e895abbe8aa…

Impacted products

Vendor

Product

Version

Linux

Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < fedfde9deb83ac8d2f3d5f36f111023df34b1684 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 3b88675e18b6517043a6f734eaa8ea6eb3bfa140 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < a4a17210c03ade1c8d9a9f193a105654b7a05c11 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 5f76f7df14861e3a560898fa41979ec92424b58f (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < b751a96025275c17f04083cbfe856822f1658946 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 1e461672616b726f29261ee81bb991528818537c (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 9c17085fabbde2041c893d29599800f2d4992b23 (git)
Affected: 5dd3f3071070f5a306bdf8d474c80062f5691cba , < 972e63e895abbe8aa1ccbdbb4e6362abda7cd457 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:12:43.056905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-755",
                "description": "CWE-755 Improper Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:17.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:57.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fedfde9deb83ac8d2f3d5f36f111023df34b1684",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "3b88675e18b6517043a6f734eaa8ea6eb3bfa140",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "a4a17210c03ade1c8d9a9f193a105654b7a05c11",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "5f76f7df14861e3a560898fa41979ec92424b58f",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "b751a96025275c17f04083cbfe856822f1658946",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "1e461672616b726f29261ee81bb991528818537c",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "9c17085fabbde2041c893d29599800f2d4992b23",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            },
            {
              "lessThan": "972e63e895abbe8aa1ccbdbb4e6362abda7cd457",
              "status": "affected",
              "version": "5dd3f3071070f5a306bdf8d474c80062f5691cba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:52:00.976Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fedfde9deb83ac8d2f3d5f36f111023df34b1684"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b88675e18b6517043a6f734eaa8ea6eb3bfa140"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4a17210c03ade1c8d9a9f193a105654b7a05c11"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f76f7df14861e3a560898fa41979ec92424b58f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b751a96025275c17f04083cbfe856822f1658946"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e461672616b726f29261ee81bb991528818537c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c17085fabbde2041c893d29599800f2d4992b23"
        },
        {
          "url": "https://git.kernel.org/stable/c/972e63e895abbe8aa1ccbdbb4e6362abda7cd457"
        }
      ],
      "title": "media: dvbdev: prevent the risk of out of memory access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53063",
    "datePublished": "2024-11-19T17:22:33.518Z",
    "dateReserved": "2024-11-19T17:17:24.975Z",
    "dateUpdated": "2025-11-03T22:28:57.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49952 (GCVE-0-2024-49952)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

netfilter: nf_tables: prevent nf_skb_duplicated corruption

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted by the splat is not enough, we have to disable soft interrupts as well. [1] BUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316 caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87 CPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49 nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87 nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288 nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook+0x2c4/0x450 include/linux/netfilter.h:269 NF_HOOK_COND include/linux/netfilter.h:302 [inline] ip_output+0x185/0x230 net/ipv4/ip_output.c:433 ip_local_out net/ipv4/ip_output.c:129 [inline] ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495 udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981 udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737 __do_sys_sendmmsg net/socket.c:2766 [inline] __se_sys_sendmmsg net/socket.c:2763 [inline] __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4ce4f7def9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9 RDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006 RBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68 </TASK>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/50067d8b3f48e4cd4…
	https://git.kernel.org/stable/c/c0add6ed2cf1c4733…
	https://git.kernel.org/stable/c/531754952f5dfc4b1…
	https://git.kernel.org/stable/c/38e3fd0c4a2616052…
	https://git.kernel.org/stable/c/b40b027a0c0cc1cb9…
	https://git.kernel.org/stable/c/4e3542f40f3a94efa…
	https://git.kernel.org/stable/c/f839c5cd348201fec…
	https://git.kernel.org/stable/c/752e1924604254f17…
	https://git.kernel.org/stable/c/92ceba94de6fb4cee…

Impacted products

Vendor

Product

Version

Linux

Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < 50067d8b3f48e4cd4c9e817d3e9a5b5ff3507ca7 (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < c0add6ed2cf1c4733cd489efc61faeccd3433b41 (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < 531754952f5dfc4b141523088147071d6e6112c4 (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < 38e3fd0c4a2616052eb3c8f4e6f32d1ff47cd663 (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < b40b027a0c0cc1cb9471a13f9730bb2fff12a15b (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < 4e3542f40f3a94efa59ea328e307c50601ed7065 (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < f839c5cd348201fec440d987cbca9b979bdb4fa7 (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < 752e1924604254f1708f3e3700283a86ebdd325d (git)
Affected: d877f07112f1e5a247c6b585c971a93895c9f738 , < 92ceba94de6fb4cee2bf40b485979c342f44a492 (git)

Linux

Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49952",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:36:15.803620Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:48.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:32.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/netfilter/nf_dup_ipv4.c",
            "net/ipv6/netfilter/nf_dup_ipv6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "50067d8b3f48e4cd4c9e817d3e9a5b5ff3507ca7",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "c0add6ed2cf1c4733cd489efc61faeccd3433b41",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "531754952f5dfc4b141523088147071d6e6112c4",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "38e3fd0c4a2616052eb3c8f4e6f32d1ff47cd663",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "b40b027a0c0cc1cb9471a13f9730bb2fff12a15b",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "4e3542f40f3a94efa59ea328e307c50601ed7065",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "f839c5cd348201fec440d987cbca9b979bdb4fa7",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "752e1924604254f1708f3e3700283a86ebdd325d",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            },
            {
              "lessThan": "92ceba94de6fb4cee2bf40b485979c342f44a492",
              "status": "affected",
              "version": "d877f07112f1e5a247c6b585c971a93895c9f738",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/netfilter/nf_dup_ipv4.c",
            "net/ipv6/netfilter/nf_dup_ipv6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prevent nf_skb_duplicated corruption\n\nsyzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write\nper-cpu variable nf_skb_duplicated in an unsafe way [1].\n\nDisabling preemption as hinted by the splat is not enough,\nwe have to disable soft interrupts as well.\n\n[1]\nBUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316\n caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\nCPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49\n  nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\n  nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30\n  expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n  nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n  nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook+0x2c4/0x450 include/linux/netfilter.h:269\n  NF_HOOK_COND include/linux/netfilter.h:302 [inline]\n  ip_output+0x185/0x230 net/ipv4/ip_output.c:433\n  ip_local_out net/ipv4/ip_output.c:129 [inline]\n  ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495\n  udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981\n  udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737\n  __do_sys_sendmmsg net/socket.c:2766 [inline]\n  __se_sys_sendmmsg net/socket.c:2763 [inline]\n  __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f4ce4f7def9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133\nRAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9\nRDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006\nRBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:12.165Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/50067d8b3f48e4cd4c9e817d3e9a5b5ff3507ca7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0add6ed2cf1c4733cd489efc61faeccd3433b41"
        },
        {
          "url": "https://git.kernel.org/stable/c/531754952f5dfc4b141523088147071d6e6112c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/38e3fd0c4a2616052eb3c8f4e6f32d1ff47cd663"
        },
        {
          "url": "https://git.kernel.org/stable/c/b40b027a0c0cc1cb9471a13f9730bb2fff12a15b"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e3542f40f3a94efa59ea328e307c50601ed7065"
        },
        {
          "url": "https://git.kernel.org/stable/c/f839c5cd348201fec440d987cbca9b979bdb4fa7"
        },
        {
          "url": "https://git.kernel.org/stable/c/752e1924604254f1708f3e3700283a86ebdd325d"
        },
        {
          "url": "https://git.kernel.org/stable/c/92ceba94de6fb4cee2bf40b485979c342f44a492"
        }
      ],
      "title": "netfilter: nf_tables: prevent nf_skb_duplicated corruption",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49952",
    "datePublished": "2024-10-21T18:02:07.718Z",
    "dateReserved": "2024-10-21T12:17:06.047Z",
    "dateUpdated": "2025-11-03T22:23:32.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56589 (GCVE-0-2024-56589)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:50 – Updated: 2025-11-03 20:50

Title

scsi: hisi_sas: Add cond_resched() for no forced preemption model

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211] [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 214.575224][ C240] pc : fput_many+0x8c/0xdc [ 214.579480][ C240] lr : fput+0x1c/0xf0 [ 214.583302][ C240] sp : ffff80002de2b900 [ 214.587298][ C240] x29: ffff80002de2b900 x28: ffff1082aa412000 [ 214.593291][ C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000 [ 214.599284][ C240] x25: ffff1062bbac5c40 x24: 0000000000001000 [ 214.605277][ C240] x23: 000000000000000a x22: 0000000000000001 [ 214.611270][ C240] x21: 0000000000001000 x20: 0000000000000000 [ 214.617262][ C240] x19: ffff3062a41ae580 x18: 0000000000010000 [ 214.623255][ C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0 [ 214.629248][ C240] x15: ffffffffffffffff x14: 0000000003ffffff [ 214.635241][ C240] x13: 000000000000ffff x12: 000000000000029c [ 214.641234][ C240] x11: 0000000000000006 x10: ffff80003a9f7fd0 [ 214.647226][ C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001 [ 214.653219][ C240] x7 : 0000000000000002 x6 : 0000000000000080 [ 214.659212][ C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554 [ 214.665205][ C240] x3 : 0000000000000002 x2 : 0000000000000020 [ 214.671198][ C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8 [ 214.677191][ C240] Call trace: [ 214.680320][ C240] fput_many+0x8c/0xdc [ 214.684230][ C240] fput+0x1c/0xf0 [ 214.687707][ C240] aio_complete_rw+0xd8/0x1fc [ 214.692225][ C240] blkdev_bio_end_io+0x98/0x140 [ 214.696917][ C240] bio_endio+0x160/0x1bc [ 214.701001][ C240] blk_update_request+0x1c8/0x3bc [ 214.705867][ C240] scsi_end_request+0x3c/0x1f0 [ 214.710471][ C240] scsi_io_completion+0x7c/0x1a0 [ 214.715249][ C240] scsi_finish_command+0x104/0x140 [ 214.720200][ C240] scsi_softirq_done+0x90/0x180 [ 214.724892][ C240] blk_mq_complete_request+0x5c/0x70 [ 214.730016][ C240] scsi_mq_done+0x48/0xac [ 214.734194][ C240] sas_scsi_task_done+0xbc/0x16c [libsas] [ 214.739758][ C240] slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw] [ 214.746185][ C240] cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw] [ 214.752179][ C240] irq_thread_fn+0x34/0xa4 [ 214.756435][ C240] irq_thread+0xc4/0x130 [ 214.760520][ C240] kthread+0x108/0x13c [ 214.764430][ C240] ret_from_fork+0x10/0x18 This is because in the hisi_sas driver, both the hardware interrupt handler and the interrupt thread are executed on the same CPU. In the performance test scenario, function irq_wait_for_interrupt() will always return 0 if lots of interrupts occurs and the CPU will be continuously consumed. As a result, the CPU cannot run the watchdog thread. When the watchdog time exceeds the specified time, call trace occurs. To fix it, add cond_resched() to execute the watchdog thread.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3dd2c5cb2c698a02a…
	https://git.kernel.org/stable/c/2174bbc235f79fce8…
	https://git.kernel.org/stable/c/2991a023896b79e67…
	https://git.kernel.org/stable/c/50ddf4b0e1a4cb5e9…
	https://git.kernel.org/stable/c/601f8001373fc3fba…
	https://git.kernel.org/stable/c/2233c4a0b94821174…

Impacted products

Vendor

Product

Version

Linux

Affected: 47caad1577cd7a39e2048c5e4edbce4b863dc12b , < 3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf (git)
Affected: 47caad1577cd7a39e2048c5e4edbce4b863dc12b , < 2174bbc235f79fce88ea71fd08cf836568fcad5f (git)
Affected: 47caad1577cd7a39e2048c5e4edbce4b863dc12b , < 2991a023896b79e6753813ed88fbc98979713c73 (git)
Affected: 47caad1577cd7a39e2048c5e4edbce4b863dc12b , < 50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f (git)
Affected: 47caad1577cd7a39e2048c5e4edbce4b863dc12b , < 601f8001373fc3fbad498f9be427254908b7fcce (git)
Affected: 47caad1577cd7a39e2048c5e4edbce4b863dc12b , < 2233c4a0b948211743659b24c13d6bd059fa75fc (git)

Linux

Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:12.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf",
              "status": "affected",
              "version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
              "versionType": "git"
            },
            {
              "lessThan": "2174bbc235f79fce88ea71fd08cf836568fcad5f",
              "status": "affected",
              "version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
              "versionType": "git"
            },
            {
              "lessThan": "2991a023896b79e6753813ed88fbc98979713c73",
              "status": "affected",
              "version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
              "versionType": "git"
            },
            {
              "lessThan": "50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f",
              "status": "affected",
              "version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
              "versionType": "git"
            },
            {
              "lessThan": "601f8001373fc3fbad498f9be427254908b7fcce",
              "status": "affected",
              "version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
              "versionType": "git"
            },
            {
              "lessThan": "2233c4a0b948211743659b24c13d6bd059fa75fc",
              "status": "affected",
              "version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Add cond_resched() for no forced preemption model\n\nFor no forced preemption model kernel, in the scenario where the\nexpander is connected to 12 high performance SAS SSDs, the following\ncall trace may occur:\n\n[  214.409199][  C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211]\n[  214.568533][  C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[  214.575224][  C240] pc : fput_many+0x8c/0xdc\n[  214.579480][  C240] lr : fput+0x1c/0xf0\n[  214.583302][  C240] sp : ffff80002de2b900\n[  214.587298][  C240] x29: ffff80002de2b900 x28: ffff1082aa412000\n[  214.593291][  C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000\n[  214.599284][  C240] x25: ffff1062bbac5c40 x24: 0000000000001000\n[  214.605277][  C240] x23: 000000000000000a x22: 0000000000000001\n[  214.611270][  C240] x21: 0000000000001000 x20: 0000000000000000\n[  214.617262][  C240] x19: ffff3062a41ae580 x18: 0000000000010000\n[  214.623255][  C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0\n[  214.629248][  C240] x15: ffffffffffffffff x14: 0000000003ffffff\n[  214.635241][  C240] x13: 000000000000ffff x12: 000000000000029c\n[  214.641234][  C240] x11: 0000000000000006 x10: ffff80003a9f7fd0\n[  214.647226][  C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001\n[  214.653219][  C240] x7 : 0000000000000002 x6 : 0000000000000080\n[  214.659212][  C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554\n[  214.665205][  C240] x3 : 0000000000000002 x2 : 0000000000000020\n[  214.671198][  C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8\n[  214.677191][  C240] Call trace:\n[  214.680320][  C240]  fput_many+0x8c/0xdc\n[  214.684230][  C240]  fput+0x1c/0xf0\n[  214.687707][  C240]  aio_complete_rw+0xd8/0x1fc\n[  214.692225][  C240]  blkdev_bio_end_io+0x98/0x140\n[  214.696917][  C240]  bio_endio+0x160/0x1bc\n[  214.701001][  C240]  blk_update_request+0x1c8/0x3bc\n[  214.705867][  C240]  scsi_end_request+0x3c/0x1f0\n[  214.710471][  C240]  scsi_io_completion+0x7c/0x1a0\n[  214.715249][  C240]  scsi_finish_command+0x104/0x140\n[  214.720200][  C240]  scsi_softirq_done+0x90/0x180\n[  214.724892][  C240]  blk_mq_complete_request+0x5c/0x70\n[  214.730016][  C240]  scsi_mq_done+0x48/0xac\n[  214.734194][  C240]  sas_scsi_task_done+0xbc/0x16c [libsas]\n[  214.739758][  C240]  slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw]\n[  214.746185][  C240]  cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw]\n[  214.752179][  C240]  irq_thread_fn+0x34/0xa4\n[  214.756435][  C240]  irq_thread+0xc4/0x130\n[  214.760520][  C240]  kthread+0x108/0x13c\n[  214.764430][  C240]  ret_from_fork+0x10/0x18\n\nThis is because in the hisi_sas driver, both the hardware interrupt\nhandler and the interrupt thread are executed on the same CPU. In the\nperformance test scenario, function irq_wait_for_interrupt() will always\nreturn 0 if lots of interrupts occurs and the CPU will be continuously\nconsumed. As a result, the CPU cannot run the watchdog thread. When the\nwatchdog time exceeds the specified time, call trace occurs.\n\nTo fix it, add cond_resched() to execute the watchdog thread."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:59:09.845Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/2174bbc235f79fce88ea71fd08cf836568fcad5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2991a023896b79e6753813ed88fbc98979713c73"
        },
        {
          "url": "https://git.kernel.org/stable/c/50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f"
        },
        {
          "url": "https://git.kernel.org/stable/c/601f8001373fc3fbad498f9be427254908b7fcce"
        },
        {
          "url": "https://git.kernel.org/stable/c/2233c4a0b948211743659b24c13d6bd059fa75fc"
        }
      ],
      "title": "scsi: hisi_sas: Add cond_resched() for no forced preemption model",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56589",
    "datePublished": "2024-12-27T14:50:56.983Z",
    "dateReserved": "2024-12-27T14:03:06.002Z",
    "dateUpdated": "2025-11-03T20:50:12.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57841 (GCVE-0-2024-57841)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:10 – Updated: 2025-11-03 20:54

Title

net: fix memory leak in tcp_conn_request()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will return without free the dst memory, which allocated in af_ops->route_req. Here is the kmemleak stack: unreferenced object 0xffff8881198631c0 (size 240): comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s) hex dump (first 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................ 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U.............. backtrace: [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80 [<ffffffffba11b4c5>] dst_alloc+0x55/0x250 [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0 [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50 [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240 [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90 [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500 [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0 [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0 [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0 [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80 [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360 [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0 [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360 [<ffffffffba239ead>] ip_rcv+0xad/0x2f0 [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140 Call dst_release() to free the dst memory when inet_csk_reqsk_queue_hash_add() return false in tcp_conn_request().

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9d38959677291552d…
	https://git.kernel.org/stable/c/de3f999bf8aee16e9…
	https://git.kernel.org/stable/c/2af69905180b3fea1…
	https://git.kernel.org/stable/c/b0b190218c78d8aee…
	https://git.kernel.org/stable/c/4f4aa4aa28142d53f…

Impacted products

Vendor

Product

Version

Linux

Affected: 527bec1f56ac7a2fceb8eb77eb0fc2678ecba394 , < 9d38959677291552d1b0ed2689a540af279b5bf8 (git)
Affected: c14f3c3793f7a785763e353df7fc40426187f832 , < de3f999bf8aee16e9da1c1224191abdc69e97c9d (git)
Affected: fdae4d139f4778b20a40c60705c53f5f146459b5 , < 2af69905180b3fea12f9c1db374b153a06977021 (git)
Affected: ff46e3b4421923937b7f6e44ffcd3549a074f321 , < b0b190218c78d8aeecfba36ea3a90063b3ede52d (git)
Affected: ff46e3b4421923937b7f6e44ffcd3549a074f321 , < 4f4aa4aa28142d53f8b06585c478476cfe325cfc (git)
Affected: 360892e60710427229fc1f7bb2218cf4d578229b (git)

Linux

Affected: 6.10
Unaffected: 0 , < 6.10 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57841",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:54:23.329434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:18.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:41.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9d38959677291552d1b0ed2689a540af279b5bf8",
              "status": "affected",
              "version": "527bec1f56ac7a2fceb8eb77eb0fc2678ecba394",
              "versionType": "git"
            },
            {
              "lessThan": "de3f999bf8aee16e9da1c1224191abdc69e97c9d",
              "status": "affected",
              "version": "c14f3c3793f7a785763e353df7fc40426187f832",
              "versionType": "git"
            },
            {
              "lessThan": "2af69905180b3fea12f9c1db374b153a06977021",
              "status": "affected",
              "version": "fdae4d139f4778b20a40c60705c53f5f146459b5",
              "versionType": "git"
            },
            {
              "lessThan": "b0b190218c78d8aeecfba36ea3a90063b3ede52d",
              "status": "affected",
              "version": "ff46e3b4421923937b7f6e44ffcd3549a074f321",
              "versionType": "git"
            },
            {
              "lessThan": "4f4aa4aa28142d53f8b06585c478476cfe325cfc",
              "status": "affected",
              "version": "ff46e3b4421923937b7f6e44ffcd3549a074f321",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "360892e60710427229fc1f7bb2218cf4d578229b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.15.162",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "6.1.97",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "6.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.9.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in tcp_conn_request()\n\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops-\u003eroute_req.\n\nHere is the kmemleak stack:\n\nunreferenced object 0xffff8881198631c0 (size 240):\n  comm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\n  hex dump (first 32 bytes):\n    00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff  ................\n    81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00  .U..............\n  backtrace:\n    [\u003cffffffffb93e8d4c\u003e] kmem_cache_alloc+0x60c/0xa80\n    [\u003cffffffffba11b4c5\u003e] dst_alloc+0x55/0x250\n    [\u003cffffffffba227bf6\u003e] rt_dst_alloc+0x46/0x1d0\n    [\u003cffffffffba23050a\u003e] __mkroute_output+0x29a/0xa50\n    [\u003cffffffffba23456b\u003e] ip_route_output_key_hash+0x10b/0x240\n    [\u003cffffffffba2346bd\u003e] ip_route_output_flow+0x1d/0x90\n    [\u003cffffffffba254855\u003e] inet_csk_route_req+0x2c5/0x500\n    [\u003cffffffffba26b331\u003e] tcp_conn_request+0x691/0x12c0\n    [\u003cffffffffba27bd08\u003e] tcp_rcv_state_process+0x3c8/0x11b0\n    [\u003cffffffffba2965c6\u003e] tcp_v4_do_rcv+0x156/0x3b0\n    [\u003cffffffffba299c98\u003e] tcp_v4_rcv+0x1cf8/0x1d80\n    [\u003cffffffffba239656\u003e] ip_protocol_deliver_rcu+0xf6/0x360\n    [\u003cffffffffba2399a6\u003e] ip_local_deliver_finish+0xe6/0x1e0\n    [\u003cffffffffba239b8e\u003e] ip_local_deliver+0xee/0x360\n    [\u003cffffffffba239ead\u003e] ip_rcv+0xad/0x2f0\n    [\u003cffffffffba110943\u003e] __netif_receive_skb_one_core+0x123/0x140\n\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:26.346Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9d38959677291552d1b0ed2689a540af279b5bf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/de3f999bf8aee16e9da1c1224191abdc69e97c9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2af69905180b3fea12f9c1db374b153a06977021"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0b190218c78d8aeecfba36ea3a90063b3ede52d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f4aa4aa28142d53f8b06585c478476cfe325cfc"
        }
      ],
      "title": "net: fix memory leak in tcp_conn_request()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57841",
    "datePublished": "2025-01-15T13:10:26.842Z",
    "dateReserved": "2025-01-15T13:08:59.716Z",
    "dateUpdated": "2025-11-03T20:54:41.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21648 (GCVE-0-2025-21648)

Vulnerability from cvelistv5 – Published: 2025-01-19 10:18 – Updated: 2025-11-03 20:58

Title

netfilter: conntrack: clamp maximum hashtable size to INT_MAX

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a965f7f0ea3ae61b9…
	https://git.kernel.org/stable/c/b1b2353d768f1b80c…
	https://git.kernel.org/stable/c/5552b4fd44be3393b…
	https://git.kernel.org/stable/c/d5807dd1328bbc86e…
	https://git.kernel.org/stable/c/f559357d035877b9d…
	https://git.kernel.org/stable/c/b541ba7d1f5a5b7b3…

Impacted products

Vendor

Product

Version

Linux

Affected: 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 , < a965f7f0ea3ae61b9165bed619d5d6da02c75f80 (git)
Affected: 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 , < b1b2353d768f1b80cd7fe045a70adee576b9b338 (git)
Affected: 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 , < 5552b4fd44be3393b930434a7845d8d95a2a3c33 (git)
Affected: 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 , < d5807dd1328bbc86e059c5de80d1bbee9d58ca3d (git)
Affected: 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 , < f559357d035877b9d0dcd273e0ff83e18e1d46aa (git)
Affected: 9cc1c73ad66610bffc80b691136ffc1e9a3b1a58 , < b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13 (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:30.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a965f7f0ea3ae61b9165bed619d5d6da02c75f80",
              "status": "affected",
              "version": "9cc1c73ad66610bffc80b691136ffc1e9a3b1a58",
              "versionType": "git"
            },
            {
              "lessThan": "b1b2353d768f1b80cd7fe045a70adee576b9b338",
              "status": "affected",
              "version": "9cc1c73ad66610bffc80b691136ffc1e9a3b1a58",
              "versionType": "git"
            },
            {
              "lessThan": "5552b4fd44be3393b930434a7845d8d95a2a3c33",
              "status": "affected",
              "version": "9cc1c73ad66610bffc80b691136ffc1e9a3b1a58",
              "versionType": "git"
            },
            {
              "lessThan": "d5807dd1328bbc86e059c5de80d1bbee9d58ca3d",
              "status": "affected",
              "version": "9cc1c73ad66610bffc80b691136ffc1e9a3b1a58",
              "versionType": "git"
            },
            {
              "lessThan": "f559357d035877b9d0dcd273e0ff83e18e1d46aa",
              "status": "affected",
              "version": "9cc1c73ad66610bffc80b691136ffc1e9a3b1a58",
              "versionType": "git"
            },
            {
              "lessThan": "b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13",
              "status": "affected",
              "version": "9cc1c73ad66610bffc80b691136ffc1e9a3b1a58",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\n\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\nresizing hashtable because __GFP_NOWARN is unset. See:\n\n  0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\n\nNote: hashtable resize is only possible from init_netns."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:18:12.315Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a965f7f0ea3ae61b9165bed619d5d6da02c75f80"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1b2353d768f1b80cd7fe045a70adee576b9b338"
        },
        {
          "url": "https://git.kernel.org/stable/c/5552b4fd44be3393b930434a7845d8d95a2a3c33"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5807dd1328bbc86e059c5de80d1bbee9d58ca3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f559357d035877b9d0dcd273e0ff83e18e1d46aa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13"
        }
      ],
      "title": "netfilter: conntrack: clamp maximum hashtable size to INT_MAX",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21648",
    "datePublished": "2025-01-19T10:18:05.700Z",
    "dateReserved": "2024-12-29T08:45:45.728Z",
    "dateUpdated": "2025-11-03T20:58:30.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46784 (GCVE-0-2024-46784)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2025-11-03 22:18

Title

net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

Summary

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/386617efacab10bf5…
	https://git.kernel.org/stable/c/9178eb8ebcd887ab7…
	https://git.kernel.org/stable/c/9e0bff4900b5d412a…
	https://git.kernel.org/stable/c/4982a47154f0b50de…
	https://git.kernel.org/stable/c/b6ecc662037694488…

Impacted products

Vendor

Product

Version

Linux

Affected: e1b5683ff62e7b328317aec08869495992053e9d , < 386617efacab10bf5bb40bde403467c57cc00470 (git)
Affected: e1b5683ff62e7b328317aec08869495992053e9d , < 9178eb8ebcd887ab75e54ac40d538e54bb9c7788 (git)
Affected: e1b5683ff62e7b328317aec08869495992053e9d , < 9e0bff4900b5d412a9bafe4baeaa6facd34f671c (git)
Affected: e1b5683ff62e7b328317aec08869495992053e9d , < 4982a47154f0b50de81ee0a0b169a3fc74120a65 (git)
Affected: e1b5683ff62e7b328317aec08869495992053e9d , < b6ecc662037694488bfff7c9fd21c405df8411f2 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.181 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:29:42.594600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:29:56.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:31.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/microsoft/mana/mana_en.c",
            "include/net/mana/mana.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "386617efacab10bf5bb40bde403467c57cc00470",
              "status": "affected",
              "version": "e1b5683ff62e7b328317aec08869495992053e9d",
              "versionType": "git"
            },
            {
              "lessThan": "9178eb8ebcd887ab75e54ac40d538e54bb9c7788",
              "status": "affected",
              "version": "e1b5683ff62e7b328317aec08869495992053e9d",
              "versionType": "git"
            },
            {
              "lessThan": "9e0bff4900b5d412a9bafe4baeaa6facd34f671c",
              "status": "affected",
              "version": "e1b5683ff62e7b328317aec08869495992053e9d",
              "versionType": "git"
            },
            {
              "lessThan": "4982a47154f0b50de81ee0a0b169a3fc74120a65",
              "status": "affected",
              "version": "e1b5683ff62e7b328317aec08869495992053e9d",
              "versionType": "git"
            },
            {
              "lessThan": "b6ecc662037694488bfff7c9fd21c405df8411f2",
              "status": "affected",
              "version": "e1b5683ff62e7b328317aec08869495992053e9d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/microsoft/mana/mana_en.c",
            "include/net/mana/mana.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq\u0027s NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:14.257Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/386617efacab10bf5bb40bde403467c57cc00470"
        },
        {
          "url": "https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2"
        }
      ],
      "title": "net: mana: Fix error handling in mana_create_txq/rxq\u0027s NAPI cleanup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46784",
    "datePublished": "2024-09-18T07:12:40.594Z",
    "dateReserved": "2024-09-11T15:12:18.277Z",
    "dateUpdated": "2025-11-03T22:18:31.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53181 (GCVE-0-2024-53181)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-01-05 10:55

Title

um: vector: Do not use drvdata in release

Summary

In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the vector_device instance. Otherwise, removing a vector device will result in a crash: RIP: 0033:vector_device_release+0xf/0x50 RSP: 00000000e187bc40 EFLAGS: 00010202 RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0 RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000 RBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70 R10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028 R13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6 Kernel panic - not syncing: Segfault with no mm CPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1 Workqueue: events mc_work_proc Stack: 60028f61 623ae028 e187bc80 60276fcd 6220b9c0 603f5820 623ae028 00000000 e187bcb0 603a2bcd 623ae000 62370010 Call Trace: [<60028f61>] ? vector_device_release+0x0/0x50 [<60276fcd>] device_release+0x70/0xba [<603a2bcd>] kobject_put+0xba/0xe7 [<60277265>] put_device+0x19/0x1c [<60281266>] platform_device_put+0x26/0x29 [<60281e5f>] platform_device_unregister+0x2c/0x2e [<60029422>] vector_remove+0x52/0x58 [<60031316>] ? mconsole_reply+0x0/0x50 [<600310c8>] mconsole_remove+0x160/0x1cc [<603b19f4>] ? strlen+0x0/0x15 [<60066611>] ? __dequeue_entity+0x1a9/0x206 [<600666a7>] ? set_next_entity+0x39/0x63 [<6006666e>] ? set_next_entity+0x0/0x63 [<60038fa6>] ? um_set_signals+0x0/0x43 [<6003070c>] mc_work_proc+0x77/0x91 [<60057664>] process_scheduled_works+0x1b3/0x2dd [<60055f32>] ? assign_work+0x0/0x58 [<60057f0a>] worker_thread+0x1e9/0x293 [<6005406f>] ? set_pf_worker+0x0/0x64 [<6005d65d>] ? arch_local_irq_save+0x0/0x2d [<6005d748>] ? kthread_exit+0x0/0x3a [<60057d21>] ? worker_thread+0x0/0x293 [<6005dbf1>] kthread+0x126/0x12b [<600219c5>] new_thread_handler+0x85/0xb6

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8ed7793f6f589b4e1…
	https://git.kernel.org/stable/c/376c7f0beb8f6f380…
	https://git.kernel.org/stable/c/35f8f72b45791a6a7…
	https://git.kernel.org/stable/c/bef9a2835011668c2…
	https://git.kernel.org/stable/c/dc5251b1af5c9a074…
	https://git.kernel.org/stable/c/8204dd589c4f25a76…
	https://git.kernel.org/stable/c/e9d36f7e71a907ec5…
	https://git.kernel.org/stable/c/12f52e373d63f008e…
	https://git.kernel.org/stable/c/51b39d741970742a5…

Impacted products

Vendor

Product

Version

Linux

Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < 8ed7793f6f589b4e1f0b38f8448578d2a48f9c82 (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < 376c7f0beb8f6f3800fc3013ef2f422d0cbfbf92 (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < 35f8f72b45791a6a71b81140c59d02a6183b6f3b (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < bef9a2835011668c221851a7572b6c8433087f85 (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < dc5251b1af5c9a0749322bf58bd5aa673f545fe2 (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < 8204dd589c4f25a7618eece5da3f0871e02af8ae (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < e9d36f7e71a907ec507f84ee5d60a622c345cac4 (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < 12f52e373d63f008ee386f371bdd82a3a3779199 (git)
Affected: 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb , < 51b39d741970742a5c41136241a9c48ac607cf82 (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:15.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/vector_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8ed7793f6f589b4e1f0b38f8448578d2a48f9c82",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "376c7f0beb8f6f3800fc3013ef2f422d0cbfbf92",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "35f8f72b45791a6a71b81140c59d02a6183b6f3b",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "bef9a2835011668c221851a7572b6c8433087f85",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "dc5251b1af5c9a0749322bf58bd5aa673f545fe2",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "8204dd589c4f25a7618eece5da3f0871e02af8ae",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "e9d36f7e71a907ec507f84ee5d60a622c345cac4",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "12f52e373d63f008ee386f371bdd82a3a3779199",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            },
            {
              "lessThan": "51b39d741970742a5c41136241a9c48ac607cf82",
              "status": "affected",
              "version": "49da7e64f33e80edffb1a9eeb230fa4c3f42dffb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/vector_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: vector: Do not use drvdata in release\n\nThe drvdata is not available in release. Let\u0027s just use container_of()\nto get the vector_device instance. Otherwise, removing a vector device\nwill result in a crash:\n\nRIP: 0033:vector_device_release+0xf/0x50\nRSP: 00000000e187bc40  EFLAGS: 00010202\nRAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0\nRDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000\nRBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70\nR10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028\nR13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1\nWorkqueue: events mc_work_proc\nStack:\n 60028f61 623ae028 e187bc80 60276fcd\n 6220b9c0 603f5820 623ae028 00000000\n e187bcb0 603a2bcd 623ae000 62370010\nCall Trace:\n [\u003c60028f61\u003e] ? vector_device_release+0x0/0x50\n [\u003c60276fcd\u003e] device_release+0x70/0xba\n [\u003c603a2bcd\u003e] kobject_put+0xba/0xe7\n [\u003c60277265\u003e] put_device+0x19/0x1c\n [\u003c60281266\u003e] platform_device_put+0x26/0x29\n [\u003c60281e5f\u003e] platform_device_unregister+0x2c/0x2e\n [\u003c60029422\u003e] vector_remove+0x52/0x58\n [\u003c60031316\u003e] ? mconsole_reply+0x0/0x50\n [\u003c600310c8\u003e] mconsole_remove+0x160/0x1cc\n [\u003c603b19f4\u003e] ? strlen+0x0/0x15\n [\u003c60066611\u003e] ? __dequeue_entity+0x1a9/0x206\n [\u003c600666a7\u003e] ? set_next_entity+0x39/0x63\n [\u003c6006666e\u003e] ? set_next_entity+0x0/0x63\n [\u003c60038fa6\u003e] ? um_set_signals+0x0/0x43\n [\u003c6003070c\u003e] mc_work_proc+0x77/0x91\n [\u003c60057664\u003e] process_scheduled_works+0x1b3/0x2dd\n [\u003c60055f32\u003e] ? assign_work+0x0/0x58\n [\u003c60057f0a\u003e] worker_thread+0x1e9/0x293\n [\u003c6005406f\u003e] ? set_pf_worker+0x0/0x64\n [\u003c6005d65d\u003e] ? arch_local_irq_save+0x0/0x2d\n [\u003c6005d748\u003e] ? kthread_exit+0x0/0x3a\n [\u003c60057d21\u003e] ? worker_thread+0x0/0x293\n [\u003c6005dbf1\u003e] kthread+0x126/0x12b\n [\u003c600219c5\u003e] new_thread_handler+0x85/0xb6"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:45.184Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8ed7793f6f589b4e1f0b38f8448578d2a48f9c82"
        },
        {
          "url": "https://git.kernel.org/stable/c/376c7f0beb8f6f3800fc3013ef2f422d0cbfbf92"
        },
        {
          "url": "https://git.kernel.org/stable/c/35f8f72b45791a6a71b81140c59d02a6183b6f3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/bef9a2835011668c221851a7572b6c8433087f85"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc5251b1af5c9a0749322bf58bd5aa673f545fe2"
        },
        {
          "url": "https://git.kernel.org/stable/c/8204dd589c4f25a7618eece5da3f0871e02af8ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9d36f7e71a907ec507f84ee5d60a622c345cac4"
        },
        {
          "url": "https://git.kernel.org/stable/c/12f52e373d63f008ee386f371bdd82a3a3779199"
        },
        {
          "url": "https://git.kernel.org/stable/c/51b39d741970742a5c41136241a9c48ac607cf82"
        }
      ],
      "title": "um: vector: Do not use drvdata in release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53181",
    "datePublished": "2024-12-27T13:49:24.919Z",
    "dateReserved": "2024-11-19T17:17:25.008Z",
    "dateUpdated": "2026-01-05T10:55:45.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53145 (GCVE-0-2024-53145)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:28 – Updated: 2025-11-03 20:46

Title

um: Fix potential integer overflow during physmem setup

Summary

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5c710f45811e7e2bf…
	https://git.kernel.org/stable/c/e6102b72edc4eb8c0…
	https://git.kernel.org/stable/c/1bd118c5f887802ce…
	https://git.kernel.org/stable/c/1575df968650d1177…
	https://git.kernel.org/stable/c/a875c023155ea92b7…
	https://git.kernel.org/stable/c/d1a211e5210d31da8…
	https://git.kernel.org/stable/c/a9c95f787b88b2916…
	https://git.kernel.org/stable/c/a98b7761f697e590e…

Impacted products

Vendor

Product

Version

Linux

Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < 5c710f45811e7e2bfcf703980c306f19c7e1ecfe (git)
Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < e6102b72edc4eb8c0858df00ba74b5ce579c8fa2 (git)
Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < 1bd118c5f887802cef2d9ba0d1917258667f1cae (git)
Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < 1575df968650d11771359e5ac78278c5b0cc19f3 (git)
Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < a875c023155ea92b75d6323977003e64d92ae7fc (git)
Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < d1a211e5210d31da8f49fc0021bf7129b726468c (git)
Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < a9c95f787b88b29165563fd97761032db77116e7 (git)
Affected: fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 , < a98b7761f697e590ed5d610d87fa12be66f23419 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:09:57.683968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:09.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:27.001Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/um/kernel/physmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5c710f45811e7e2bfcf703980c306f19c7e1ecfe",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            },
            {
              "lessThan": "e6102b72edc4eb8c0858df00ba74b5ce579c8fa2",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            },
            {
              "lessThan": "1bd118c5f887802cef2d9ba0d1917258667f1cae",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            },
            {
              "lessThan": "1575df968650d11771359e5ac78278c5b0cc19f3",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            },
            {
              "lessThan": "a875c023155ea92b75d6323977003e64d92ae7fc",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            },
            {
              "lessThan": "d1a211e5210d31da8f49fc0021bf7129b726468c",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            },
            {
              "lessThan": "a9c95f787b88b29165563fd97761032db77116e7",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            },
            {
              "lessThan": "a98b7761f697e590ed5d610d87fa12be66f23419",
              "status": "affected",
              "version": "fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/um/kernel/physmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: Fix potential integer overflow during physmem setup\n\nThis issue happens when the real map size is greater than LONG_MAX,\nwhich can be easily triggered on UML/i386."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:10.919Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae"
        },
        {
          "url": "https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db77116e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/a98b7761f697e590ed5d610d87fa12be66f23419"
        }
      ],
      "title": "um: Fix potential integer overflow during physmem setup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53145",
    "datePublished": "2024-12-24T11:28:46.113Z",
    "dateReserved": "2024-11-19T17:17:24.997Z",
    "dateUpdated": "2025-11-03T20:46:27.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56586 (GCVE-0-2024-56586)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:50 – Updated: 2025-11-03 20:50

Title

f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. creating a large files during checkpoint disable until it runs out of space and then delete it, then remount to enable checkpoint again, and then unmount the filesystem triggers the f2fs_bug_on as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/inode.c:896! CPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360 Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:f2fs_evict_inode+0x58c/0x610 Call Trace: __die_body+0x15/0x60 die+0x33/0x50 do_trap+0x10a/0x120 f2fs_evict_inode+0x58c/0x610 do_error_trap+0x60/0x80 f2fs_evict_inode+0x58c/0x610 exc_invalid_op+0x53/0x60 f2fs_evict_inode+0x58c/0x610 asm_exc_invalid_op+0x16/0x20 f2fs_evict_inode+0x58c/0x610 evict+0x101/0x260 dispose_list+0x30/0x50 evict_inodes+0x140/0x190 generic_shutdown_super+0x2f/0x150 kill_block_super+0x11/0x40 kill_f2fs_super+0x7d/0x140 deactivate_locked_super+0x2a/0x70 cleanup_mnt+0xb3/0x140 task_work_run+0x61/0x90 The root cause is: creating large files during disable checkpoint period results in not enough free segments, so when writing back root inode will failed in f2fs_enable_checkpoint. When umount the file system after enabling checkpoint, the root inode is dirty in f2fs_evict_inode function, which triggers BUG_ON. The steps to reproduce are as follows: dd if=/dev/zero of=f2fs.img bs=1M count=55 mount f2fs.img f2fs_dir -o checkpoint=disable:10% dd if=/dev/zero of=big bs=1M count=50 sync rm big mount -o remount,checkpoint=enable f2fs_dir umount f2fs_dir Let's redirty inode when there is not free segments during checkpoint is disable.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ac8aaf78bd039fa1b…
	https://git.kernel.org/stable/c/dff561e4060d28edc…
	https://git.kernel.org/stable/c/a365de2fbfbe1e674…
	https://git.kernel.org/stable/c/ef517d2d21c3d8e2a…
	https://git.kernel.org/stable/c/9669b28f81e0ec630…
	https://git.kernel.org/stable/c/9e28513fd2858911d…
	https://git.kernel.org/stable/c/d5c367ef8287fb4d2…

Impacted products

Vendor

Product

Version

Linux

Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < ac8aaf78bd039fa1be0acaa8e84a56499f79d721 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < dff561e4060d28edc9a2960d4a87f3c945a96aa3 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 9669b28f81e0ec6305af7773846fbe2cef1e7d61 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 9e28513fd2858911dcf47b84160a8824587536b6 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:06.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ac8aaf78bd039fa1be0acaa8e84a56499f79d721",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "dff561e4060d28edc9a2960d4a87f3c945a96aa3",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "9669b28f81e0ec6305af7773846fbe2cef1e7d61",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "9e28513fd2858911dcf47b84160a8824587536b6",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.\n\ncreating a large files during checkpoint disable until it runs out of\nspace and then delete it, then remount to enable checkpoint again, and\nthen unmount the filesystem triggers the f2fs_bug_on as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inode.c:896!\nCPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:f2fs_evict_inode+0x58c/0x610\nCall Trace:\n __die_body+0x15/0x60\n die+0x33/0x50\n do_trap+0x10a/0x120\n f2fs_evict_inode+0x58c/0x610\n do_error_trap+0x60/0x80\n f2fs_evict_inode+0x58c/0x610\n exc_invalid_op+0x53/0x60\n f2fs_evict_inode+0x58c/0x610\n asm_exc_invalid_op+0x16/0x20\n f2fs_evict_inode+0x58c/0x610\n evict+0x101/0x260\n dispose_list+0x30/0x50\n evict_inodes+0x140/0x190\n generic_shutdown_super+0x2f/0x150\n kill_block_super+0x11/0x40\n kill_f2fs_super+0x7d/0x140\n deactivate_locked_super+0x2a/0x70\n cleanup_mnt+0xb3/0x140\n task_work_run+0x61/0x90\n\nThe root cause is: creating large files during disable checkpoint\nperiod results in not enough free segments, so when writing back root\ninode will failed in f2fs_enable_checkpoint. When umount the file\nsystem after enabling checkpoint, the root inode is dirty in\nf2fs_evict_inode function, which triggers BUG_ON. The steps to\nreproduce are as follows:\n\ndd if=/dev/zero of=f2fs.img bs=1M count=55\nmount f2fs.img f2fs_dir -o checkpoint=disable:10%\ndd if=/dev/zero of=big bs=1M count=50\nsync\nrm big\nmount -o remount,checkpoint=enable f2fs_dir\numount f2fs_dir\n\nLet\u0027s redirty inode when there is not free segments during checkpoint\nis disable."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:21:32.749Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ac8aaf78bd039fa1be0acaa8e84a56499f79d721"
        },
        {
          "url": "https://git.kernel.org/stable/c/dff561e4060d28edc9a2960d4a87f3c945a96aa3"
        },
        {
          "url": "https://git.kernel.org/stable/c/a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617"
        },
        {
          "url": "https://git.kernel.org/stable/c/9669b28f81e0ec6305af7773846fbe2cef1e7d61"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e28513fd2858911dcf47b84160a8824587536b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca"
        }
      ],
      "title": "f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56586",
    "datePublished": "2024-12-27T14:50:54.378Z",
    "dateReserved": "2024-12-27T14:03:06.001Z",
    "dateUpdated": "2025-11-03T20:50:06.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56763 (GCVE-0-2024-56763)

Vulnerability from cvelistv5 – Published: 2025-01-06 16:20 – Updated: 2025-11-03 20:53

Title

tracing: Prevent bad count for tracing_cpumask_write

Summary

In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2558d753df0628d41…
	https://git.kernel.org/stable/c/f60172b447317cb6c…
	https://git.kernel.org/stable/c/3d15f4c2449558ffe…
	https://git.kernel.org/stable/c/03041e474a6a8f1bf…
	https://git.kernel.org/stable/c/1cca920af19df5dd9…
	https://git.kernel.org/stable/c/98feccbf32cfdde8c…

Impacted products

Vendor

Product

Version

Linux

Affected: 9e01c1b74c9531e301c900edaa92a99fcb7738f2 , < 2558d753df0628d4187d8e1fd989339460f4f364 (git)
Affected: 9e01c1b74c9531e301c900edaa92a99fcb7738f2 , < f60172b447317cb6c5e74b5601a151866269baf6 (git)
Affected: 9e01c1b74c9531e301c900edaa92a99fcb7738f2 , < 3d15f4c2449558ffe83b4dba30614ef1cd6937c3 (git)
Affected: 9e01c1b74c9531e301c900edaa92a99fcb7738f2 , < 03041e474a6a8f1bfd4b96b164bb3165c48fa1a3 (git)
Affected: 9e01c1b74c9531e301c900edaa92a99fcb7738f2 , < 1cca920af19df5dd91254e5ff35e68e911683706 (git)
Affected: 9e01c1b74c9531e301c900edaa92a99fcb7738f2 , < 98feccbf32cfdde8c722bc4587aaa60ee5ac33f0 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.123 , ≤ 6.1.* (semver)
Unaffected: 6.6.69 , ≤ 6.6.* (semver)
Unaffected: 6.12.8 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:55.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2558d753df0628d4187d8e1fd989339460f4f364",
              "status": "affected",
              "version": "9e01c1b74c9531e301c900edaa92a99fcb7738f2",
              "versionType": "git"
            },
            {
              "lessThan": "f60172b447317cb6c5e74b5601a151866269baf6",
              "status": "affected",
              "version": "9e01c1b74c9531e301c900edaa92a99fcb7738f2",
              "versionType": "git"
            },
            {
              "lessThan": "3d15f4c2449558ffe83b4dba30614ef1cd6937c3",
              "status": "affected",
              "version": "9e01c1b74c9531e301c900edaa92a99fcb7738f2",
              "versionType": "git"
            },
            {
              "lessThan": "03041e474a6a8f1bfd4b96b164bb3165c48fa1a3",
              "status": "affected",
              "version": "9e01c1b74c9531e301c900edaa92a99fcb7738f2",
              "versionType": "git"
            },
            {
              "lessThan": "1cca920af19df5dd91254e5ff35e68e911683706",
              "status": "affected",
              "version": "9e01c1b74c9531e301c900edaa92a99fcb7738f2",
              "versionType": "git"
            },
            {
              "lessThan": "98feccbf32cfdde8c722bc4587aaa60ee5ac33f0",
              "status": "affected",
              "version": "9e01c1b74c9531e301c900edaa92a99fcb7738f2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.123",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.69",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.123",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.69",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.8",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Prevent bad count for tracing_cpumask_write\n\nIf a large count is provided, it will trigger a warning in bitmap_parse_user.\nAlso check zero for it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:04:09.269Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2558d753df0628d4187d8e1fd989339460f4f364"
        },
        {
          "url": "https://git.kernel.org/stable/c/f60172b447317cb6c5e74b5601a151866269baf6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d15f4c2449558ffe83b4dba30614ef1cd6937c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/03041e474a6a8f1bfd4b96b164bb3165c48fa1a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cca920af19df5dd91254e5ff35e68e911683706"
        },
        {
          "url": "https://git.kernel.org/stable/c/98feccbf32cfdde8c722bc4587aaa60ee5ac33f0"
        }
      ],
      "title": "tracing: Prevent bad count for tracing_cpumask_write",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56763",
    "datePublished": "2025-01-06T16:20:42.530Z",
    "dateReserved": "2024-12-29T11:26:39.762Z",
    "dateUpdated": "2025-11-03T20:53:55.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-55916 (GCVE-0-2024-55916)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:35 – Updated: 2025-11-03 20:48

Title

Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet

Summary

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP (or VSS) daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hv_utils: Registering HyperV Utility Driver hv_vmbus: registering driver hv_utils ... BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 44 UID: 0 PID: 2552 Comm: hv_kvp_daemon Tainted: G E 6.11.0-rc3+ #1 RIP: 0010:hv_pkt_iter_first+0x12/0xd0 Call Trace: ... vmbus_recvpacket hv_kvp_onchannelcallback vmbus_on_event tasklet_action_common tasklet_action handle_softirqs irq_exit_rcu sysvec_hyperv_stimer0 </IRQ> <TASK> asm_sysvec_hyperv_stimer0 ... kvp_register_done hvt_op_read vfs_read ksys_read __x64_sys_read This can happen because the KVP/VSS channel callback can be invoked even before the channel is fully opened: 1) as soon as hv_kvp_init() -> hvutil_transport_init() creates /dev/vmbus/hv_kvp, the kvp daemon can open the device file immediately and register itself to the driver by writing a message KVP_OP_REGISTER1 to the file (which is handled by kvp_on_msg() ->kvp_handle_handshake()) and reading the file for the driver's response, which is handled by hvt_op_read(), which calls hvt->on_read(), i.e. kvp_register_done(). 2) the problem with kvp_register_done() is that it can cause the channel callback to be called even before the channel is fully opened, and when the channel callback is starting to run, util_probe()-> vmbus_open() may have not initialized the ringbuffer yet, so the callback can hit the panic of NULL pointer dereference. To reproduce the panic consistently, we can add a "ssleep(10)" for KVP in __vmbus_open(), just before the first hv_ringbuffer_init(), and then we unload and reload the driver hv_utils, and run the daemon manually within the 10 seconds. Fix the panic by reordering the steps in util_probe() so the char dev entry used by the KVP or VSS daemon is not created until after vmbus_open() has completed. This reordering prevents the race condition from happening.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f091a224a2c82f1e3…
	https://git.kernel.org/stable/c/d81f4e73aff9b8616…
	https://git.kernel.org/stable/c/042253c57be901bfd…
	https://git.kernel.org/stable/c/718fe694a334be9d1…
	https://git.kernel.org/stable/c/89fcec5e466b3ac9b…
	https://git.kernel.org/stable/c/3dd7a30c6d7f90afc…
	https://git.kernel.org/stable/c/07a756a49f4b4290b…

Impacted products

Vendor

Product

Version

Linux

Affected: e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c , < f091a224a2c82f1e302b1768d73bb6332f687321 (git)
Affected: e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c , < d81f4e73aff9b861671df60e5100ad25cc16fbf8 (git)
Affected: e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c , < 042253c57be901bfd19f15b68267442b70f510d5 (git)
Affected: e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c , < 718fe694a334be9d1a89eed22602369ac18d6583 (git)
Affected: e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c , < 89fcec5e466b3ac9b376e0d621c71effa1a7983f (git)
Affected: e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c , < 3dd7a30c6d7f90afcf19e9b072f572ba524d7ec6 (git)
Affected: e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c , < 07a756a49f4b4290b49ea46e089cbe6f79ff8d26 (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.122 , ≤ 6.1.* (semver)
Unaffected: 6.6.68 , ≤ 6.6.* (semver)
Unaffected: 6.12.7 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-55916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:55:21.065122Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:21.020Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:52.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hv/hv_kvp.c",
            "drivers/hv/hv_snapshot.c",
            "drivers/hv/hv_util.c",
            "drivers/hv/hyperv_vmbus.h",
            "include/linux/hyperv.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f091a224a2c82f1e302b1768d73bb6332f687321",
              "status": "affected",
              "version": "e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c",
              "versionType": "git"
            },
            {
              "lessThan": "d81f4e73aff9b861671df60e5100ad25cc16fbf8",
              "status": "affected",
              "version": "e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c",
              "versionType": "git"
            },
            {
              "lessThan": "042253c57be901bfd19f15b68267442b70f510d5",
              "status": "affected",
              "version": "e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c",
              "versionType": "git"
            },
            {
              "lessThan": "718fe694a334be9d1a89eed22602369ac18d6583",
              "status": "affected",
              "version": "e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c",
              "versionType": "git"
            },
            {
              "lessThan": "89fcec5e466b3ac9b376e0d621c71effa1a7983f",
              "status": "affected",
              "version": "e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c",
              "versionType": "git"
            },
            {
              "lessThan": "3dd7a30c6d7f90afcf19e9b072f572ba524d7ec6",
              "status": "affected",
              "version": "e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c",
              "versionType": "git"
            },
            {
              "lessThan": "07a756a49f4b4290b49ea46e089cbe6f79ff8d26",
              "status": "affected",
              "version": "e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hv/hv_kvp.c",
            "drivers/hv/hv_snapshot.c",
            "drivers/hv/hv_util.c",
            "drivers/hv/hyperv_vmbus.h",
            "include/linux/hyperv.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.122",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.68",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: util: Avoid accessing a ringbuffer not initialized yet\n\nIf the KVP (or VSS) daemon starts before the VMBus channel\u0027s ringbuffer is\nfully initialized, we can hit the panic below:\n\nhv_utils: Registering HyperV Utility Driver\nhv_vmbus: registering driver hv_utils\n...\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 44 UID: 0 PID: 2552 Comm: hv_kvp_daemon Tainted: G E 6.11.0-rc3+ #1\nRIP: 0010:hv_pkt_iter_first+0x12/0xd0\nCall Trace:\n...\n vmbus_recvpacket\n hv_kvp_onchannelcallback\n vmbus_on_event\n tasklet_action_common\n tasklet_action\n handle_softirqs\n irq_exit_rcu\n sysvec_hyperv_stimer0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_hyperv_stimer0\n...\n kvp_register_done\n hvt_op_read\n vfs_read\n ksys_read\n __x64_sys_read\n\nThis can happen because the KVP/VSS channel callback can be invoked\neven before the channel is fully opened:\n1) as soon as hv_kvp_init() -\u003e hvutil_transport_init() creates\n/dev/vmbus/hv_kvp, the kvp daemon can open the device file immediately and\nregister itself to the driver by writing a message KVP_OP_REGISTER1 to the\nfile (which is handled by kvp_on_msg() -\u003ekvp_handle_handshake()) and\nreading the file for the driver\u0027s response, which is handled by\nhvt_op_read(), which calls hvt-\u003eon_read(), i.e. kvp_register_done().\n\n2) the problem with kvp_register_done() is that it can cause the\nchannel callback to be called even before the channel is fully opened,\nand when the channel callback is starting to run, util_probe()-\u003e\nvmbus_open() may have not initialized the ringbuffer yet, so the\ncallback can hit the panic of NULL pointer dereference.\n\nTo reproduce the panic consistently, we can add a \"ssleep(10)\" for KVP in\n__vmbus_open(), just before the first hv_ringbuffer_init(), and then we\nunload and reload the driver hv_utils, and run the daemon manually within\nthe 10 seconds.\n\nFix the panic by reordering the steps in util_probe() so the char dev\nentry used by the KVP or VSS daemon is not created until after\nvmbus_open() has completed. This reordering prevents the race condition\nfrom happening."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:19.361Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f091a224a2c82f1e302b1768d73bb6332f687321"
        },
        {
          "url": "https://git.kernel.org/stable/c/d81f4e73aff9b861671df60e5100ad25cc16fbf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/042253c57be901bfd19f15b68267442b70f510d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/718fe694a334be9d1a89eed22602369ac18d6583"
        },
        {
          "url": "https://git.kernel.org/stable/c/89fcec5e466b3ac9b376e0d621c71effa1a7983f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dd7a30c6d7f90afcf19e9b072f572ba524d7ec6"
        },
        {
          "url": "https://git.kernel.org/stable/c/07a756a49f4b4290b49ea46e089cbe6f79ff8d26"
        }
      ],
      "title": "Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-55916",
    "datePublished": "2025-01-11T12:35:44.800Z",
    "dateReserved": "2025-01-09T09:49:29.678Z",
    "dateUpdated": "2025-11-03T20:48:52.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57892 (GCVE-0-2024-57892)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:05 – Updated: 2025-11-03 20:55

Title

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the DQUOT_SUSPENDED flag instead of setting the DQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the next quota, the function ocfs2_get_next_id is called and only checks the quota usage flags and not the quota suspended flags. To fix this, I set dqi_priv to null when it is freed after remounting with read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id. [akpm@linux-foundation.org: coding-style cleanups]

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/58f9e20e2a7602e1d…
	https://git.kernel.org/stable/c/8ff6f635a08c30559…
	https://git.kernel.org/stable/c/f44e6d70c100614c2…
	https://git.kernel.org/stable/c/2d431192486367eee…
	https://git.kernel.org/stable/c/2e3d203b1adede46b…
	https://git.kernel.org/stable/c/ba950a02d8d23811a…
	https://git.kernel.org/stable/c/5f3fd772d152229d9…

Impacted products

Vendor

Product

Version

Linux

Affected: 8f9e8f5fcc059a3cba87ce837c88316797ef3645 , < 58f9e20e2a7602e1dd649a1ec4790077c251cb6c (git)
Affected: 8f9e8f5fcc059a3cba87ce837c88316797ef3645 , < 8ff6f635a08c30559ded0c110c7ce03ba7747d11 (git)
Affected: 8f9e8f5fcc059a3cba87ce837c88316797ef3645 , < f44e6d70c100614c211703f065cad448050e4a0e (git)
Affected: 8f9e8f5fcc059a3cba87ce837c88316797ef3645 , < 2d431192486367eee03cc28d0b53b97dafcb8e63 (git)
Affected: 8f9e8f5fcc059a3cba87ce837c88316797ef3645 , < 2e3d203b1adede46bbba049e497765d67865be18 (git)
Affected: 8f9e8f5fcc059a3cba87ce837c88316797ef3645 , < ba950a02d8d23811aa1120affd3adedcfac6153d (git)
Affected: 8f9e8f5fcc059a3cba87ce837c88316797ef3645 , < 5f3fd772d152229d94602bca243fbb658068a597 (git)

Linux

Affected: 4.6
Unaffected: 0 , < 4.6 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T13:55:16.692610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T14:04:27.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:05.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/quota_global.c",
            "fs/ocfs2/quota_local.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "58f9e20e2a7602e1dd649a1ec4790077c251cb6c",
              "status": "affected",
              "version": "8f9e8f5fcc059a3cba87ce837c88316797ef3645",
              "versionType": "git"
            },
            {
              "lessThan": "8ff6f635a08c30559ded0c110c7ce03ba7747d11",
              "status": "affected",
              "version": "8f9e8f5fcc059a3cba87ce837c88316797ef3645",
              "versionType": "git"
            },
            {
              "lessThan": "f44e6d70c100614c211703f065cad448050e4a0e",
              "status": "affected",
              "version": "8f9e8f5fcc059a3cba87ce837c88316797ef3645",
              "versionType": "git"
            },
            {
              "lessThan": "2d431192486367eee03cc28d0b53b97dafcb8e63",
              "status": "affected",
              "version": "8f9e8f5fcc059a3cba87ce837c88316797ef3645",
              "versionType": "git"
            },
            {
              "lessThan": "2e3d203b1adede46bbba049e497765d67865be18",
              "status": "affected",
              "version": "8f9e8f5fcc059a3cba87ce837c88316797ef3645",
              "versionType": "git"
            },
            {
              "lessThan": "ba950a02d8d23811aa1120affd3adedcfac6153d",
              "status": "affected",
              "version": "8f9e8f5fcc059a3cba87ce837c88316797ef3645",
              "versionType": "git"
            },
            {
              "lessThan": "5f3fd772d152229d94602bca243fbb658068a597",
              "status": "affected",
              "version": "8f9e8f5fcc059a3cba87ce837c88316797ef3645",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/quota_global.c",
            "fs/ocfs2/quota_local.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix slab-use-after-free due to dangling pointer dqi_priv\n\nWhen mounting ocfs2 and then remounting it as read-only, a\nslab-use-after-free occurs after the user uses a syscall to\nquota_getnextquota.  Specifically, sb_dqinfo(sb, type)-\u003edqi_priv is the\ndangling pointer.\n\nDuring the remounting process, the pointer dqi_priv is freed but is never\nset as null leaving it to be accessed.  Additionally, the read-only option\nfor remounting sets the DQUOT_SUSPENDED flag instead of setting the\nDQUOT_USAGE_ENABLED flags.  Moreover, later in the process of getting the\nnext quota, the function ocfs2_get_next_id is called and only checks the\nquota usage flags and not the quota suspended flags.\n\nTo fix this, I set dqi_priv to null when it is freed after remounting with\nread-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id.\n\n[akpm@linux-foundation.org: coding-style cleanups]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:02.283Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/58f9e20e2a7602e1dd649a1ec4790077c251cb6c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ff6f635a08c30559ded0c110c7ce03ba7747d11"
        },
        {
          "url": "https://git.kernel.org/stable/c/f44e6d70c100614c211703f065cad448050e4a0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d431192486367eee03cc28d0b53b97dafcb8e63"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e3d203b1adede46bbba049e497765d67865be18"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba950a02d8d23811aa1120affd3adedcfac6153d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f3fd772d152229d94602bca243fbb658068a597"
        }
      ],
      "title": "ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57892",
    "datePublished": "2025-01-15T13:05:44.635Z",
    "dateReserved": "2025-01-11T14:45:42.028Z",
    "dateUpdated": "2025-11-03T20:55:05.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56619 (GCVE-0-2024-56619)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/09d6d05579fd46e61…
	https://git.kernel.org/stable/c/e3732102a9d638d86…
	https://git.kernel.org/stable/c/48eb6e7404948032b…
	https://git.kernel.org/stable/c/5af8366625182f01f…
	https://git.kernel.org/stable/c/c3afea07477baccdb…
	https://git.kernel.org/stable/c/31f7b57a77d4c82a3…
	https://git.kernel.org/stable/c/985ebec4ab0a28bb5…

Impacted products

Vendor

Product

Version

Linux

Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 09d6d05579fd46e61abf6e457bb100ff11f3a9d3 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < e3732102a9d638d8627d14fdf7b208462f0520e0 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 48eb6e7404948032bbe811c5affbe39f6b316951 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 5af8366625182f01f6d8465c9a3210574673af57 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < c3afea07477baccdbdec4483f8d5e59d42a3f67f (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:41:59.486282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:22.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:08.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "09d6d05579fd46e61abf6e457bb100ff11f3a9d3",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "e3732102a9d638d8627d14fdf7b208462f0520e0",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "48eb6e7404948032bbe811c5affbe39f6b316951",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "5af8366625182f01f6d8465c9a3210574673af57",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "c3afea07477baccdbdec4483f8d5e59d42a3f67f",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()\n\nSyzbot reported that when searching for records in a directory where the\ninode\u0027s i_size is corrupted and has a large value, memory access outside\nthe folio/page range may occur, or a use-after-free bug may be detected if\nKASAN is enabled.\n\nThis is because nilfs_last_byte(), which is called by nilfs_find_entry()\nand others to calculate the number of valid bytes of directory data in a\npage from i_size and the page index, loses the upper 32 bits of the 64-bit\nsize information due to an inappropriate type of local variable to which\nthe i_size value is assigned.\n\nThis caused a large byte offset value due to underflow in the end address\ncalculation in the calling nilfs_find_entry(), resulting in memory access\nthat exceeds the folio/page size.\n\nFix this issue by changing the type of the local variable causing the bit\nloss from \"unsigned int\" to \"u64\".  The return value of nilfs_last_byte()\nis also of type \"unsigned int\", but it is truncated so as not to exceed\nPAGE_SIZE and no bit loss occurs, so no change is required."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:06.030Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/09d6d05579fd46e61abf6e457bb100ff11f3a9d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3732102a9d638d8627d14fdf7b208462f0520e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/48eb6e7404948032bbe811c5affbe39f6b316951"
        },
        {
          "url": "https://git.kernel.org/stable/c/5af8366625182f01f6d8465c9a3210574673af57"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3afea07477baccdbdec4483f8d5e59d42a3f67f"
        },
        {
          "url": "https://git.kernel.org/stable/c/31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e"
        },
        {
          "url": "https://git.kernel.org/stable/c/985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d"
        }
      ],
      "title": "nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56619",
    "datePublished": "2024-12-27T14:51:23.516Z",
    "dateReserved": "2024-12-27T14:03:06.016Z",
    "dateUpdated": "2025-11-03T20:51:08.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44938 (GCVE-0-2024-44938)

Vulnerability from cvelistv5 – Published: 2024-08-26 11:20 – Updated: 2025-11-03 22:13

Title

jfs: Fix shift-out-of-bounds in dbDiscardAG

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bb7c605a754823b86…
	https://git.kernel.org/stable/c/4de2c04c3acd5b84f…
	https://git.kernel.org/stable/c/bd04a149e3a29e7f7…
	https://git.kernel.org/stable/c/f650148b43949ca9e…
	https://git.kernel.org/stable/c/234e6ea0855cdb567…
	https://git.kernel.org/stable/c/7063b80268e2593e5…

Impacted products

Vendor

Product

Version

Linux

Affected: b40c2e665cd552eae5fbdbb878bc29a34357668e , < bb7c605a754823b86dd74f6537ccb9d38a9dec5a (git)
Affected: b40c2e665cd552eae5fbdbb878bc29a34357668e , < 4de2c04c3acd5b84f50b0d2f8f09e9b2f42374b9 (git)
Affected: b40c2e665cd552eae5fbdbb878bc29a34357668e , < bd04a149e3a29e7f71b7956ed41dba34e42d539e (git)
Affected: b40c2e665cd552eae5fbdbb878bc29a34357668e , < f650148b43949ca9e37e820804bb6026fff404f3 (git)
Affected: b40c2e665cd552eae5fbdbb878bc29a34357668e , < 234e6ea0855cdb5673d54ecaf7dc5c78f3e84630 (git)
Affected: b40c2e665cd552eae5fbdbb878bc29a34357668e , < 7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 5.10.237 , ≤ 5.10.* (semver)
Unaffected: 5.15.181 , ≤ 5.15.* (semver)
Unaffected: 6.1.107 , ≤ 6.1.* (semver)
Unaffected: 6.6.47 , ≤ 6.6.* (semver)
Unaffected: 6.10.6 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:27:38.649616Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:32:55.564Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:13:42.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb7c605a754823b86dd74f6537ccb9d38a9dec5a",
              "status": "affected",
              "version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
              "versionType": "git"
            },
            {
              "lessThan": "4de2c04c3acd5b84f50b0d2f8f09e9b2f42374b9",
              "status": "affected",
              "version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
              "versionType": "git"
            },
            {
              "lessThan": "bd04a149e3a29e7f71b7956ed41dba34e42d539e",
              "status": "affected",
              "version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
              "versionType": "git"
            },
            {
              "lessThan": "f650148b43949ca9e37e820804bb6026fff404f3",
              "status": "affected",
              "version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
              "versionType": "git"
            },
            {
              "lessThan": "234e6ea0855cdb5673d54ecaf7dc5c78f3e84630",
              "status": "affected",
              "version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
              "versionType": "git"
            },
            {
              "lessThan": "7063b80268e2593e58bee8a8d709c2f3ff93e2f2",
              "status": "affected",
              "version": "b40c2e665cd552eae5fbdbb878bc29a34357668e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.107",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.47",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.6",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:08.507Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb7c605a754823b86dd74f6537ccb9d38a9dec5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/4de2c04c3acd5b84f50b0d2f8f09e9b2f42374b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630"
        },
        {
          "url": "https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2"
        }
      ],
      "title": "jfs: Fix shift-out-of-bounds in dbDiscardAG",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44938",
    "datePublished": "2024-08-26T11:20:43.340Z",
    "dateReserved": "2024-08-21T05:34:56.664Z",
    "dateUpdated": "2025-11-03T22:13:42.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53206 (GCVE-0-2024-53206)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2025-11-03 20:47

Title

tcp: Fix use-after-free of nreq in reqsk_timer_handler().

Summary

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put().

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2dcc86fefe09ac853…
	https://git.kernel.org/stable/c/9a3c1ad93e6fba67b…
	https://git.kernel.org/stable/c/65ed89cad1f57034c…
	https://git.kernel.org/stable/c/d0eb14cb8c08b00c3…
	https://git.kernel.org/stable/c/6d845028609a4af0a…
	https://git.kernel.org/stable/c/c31e72d021db2714d…

Impacted products

Vendor

Product

Version

Linux

Affected: 8459d61fbf24967839a70235165673148c7c7f17 , < 2dcc86fefe09ac853158afd96b60d544af115dc5 (git)
Affected: 5071beb59ee416e8ab456ac8647a4dabcda823b1 , < 9a3c1ad93e6fba67b3a637cfa95a57a6685e4908 (git)
Affected: 997ae8da14f1639ce6fb66a063dab54031cd61b3 , < 65ed89cad1f57034c256b016e89e8c0a4ec7c65b (git)
Affected: 51e34db64f4e43c7b055ccf881b7f3e0c31bb26d , < d0eb14cb8c08b00c36a3d5dc57a6f428b301f721 (git)
Affected: e8c526f2bdf1845bedaf6a478816a3d06fa78b8f , < 6d845028609a4af0ad66f499ee0bd5789122b067 (git)
Affected: e8c526f2bdf1845bedaf6a478816a3d06fa78b8f , < c31e72d021db2714df03df6c42855a1db592716c (git)
Affected: 106e457953315e476b3642ef24be25ed862aaba3 (git)
Affected: c964bf65f80a14288d767023a1b300b30f5b9cd0 (git)

Linux

Affected: 6.12
Unaffected: 0 , < 6.12 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53206",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:43:21.588054Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:26.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:34.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/inet_connection_sock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2dcc86fefe09ac853158afd96b60d544af115dc5",
              "status": "affected",
              "version": "8459d61fbf24967839a70235165673148c7c7f17",
              "versionType": "git"
            },
            {
              "lessThan": "9a3c1ad93e6fba67b3a637cfa95a57a6685e4908",
              "status": "affected",
              "version": "5071beb59ee416e8ab456ac8647a4dabcda823b1",
              "versionType": "git"
            },
            {
              "lessThan": "65ed89cad1f57034c256b016e89e8c0a4ec7c65b",
              "status": "affected",
              "version": "997ae8da14f1639ce6fb66a063dab54031cd61b3",
              "versionType": "git"
            },
            {
              "lessThan": "d0eb14cb8c08b00c36a3d5dc57a6f428b301f721",
              "status": "affected",
              "version": "51e34db64f4e43c7b055ccf881b7f3e0c31bb26d",
              "versionType": "git"
            },
            {
              "lessThan": "6d845028609a4af0ad66f499ee0bd5789122b067",
              "status": "affected",
              "version": "e8c526f2bdf1845bedaf6a478816a3d06fa78b8f",
              "versionType": "git"
            },
            {
              "lessThan": "c31e72d021db2714df03df6c42855a1db592716c",
              "status": "affected",
              "version": "e8c526f2bdf1845bedaf6a478816a3d06fa78b8f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "106e457953315e476b3642ef24be25ed862aaba3",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c964bf65f80a14288d767023a1b300b30f5b9cd0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/inet_connection_sock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15.170",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "6.1.115",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "6.6.59",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "6.11.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.293",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.237",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix use-after-free of nreq in reqsk_timer_handler().\n\nThe cited commit replaced inet_csk_reqsk_queue_drop_and_put() with\n__inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().\n\nThen, oreq should be passed to reqsk_put() instead of req; otherwise\nuse-after-free of nreq could happen when reqsk is migrated but the\nretry attempt failed (e.g. due to timeout).\n\nLet\u0027s pass oreq to reqsk_put()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:41.564Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2dcc86fefe09ac853158afd96b60d544af115dc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908"
        },
        {
          "url": "https://git.kernel.org/stable/c/65ed89cad1f57034c256b016e89e8c0a4ec7c65b"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d845028609a4af0ad66f499ee0bd5789122b067"
        },
        {
          "url": "https://git.kernel.org/stable/c/c31e72d021db2714df03df6c42855a1db592716c"
        }
      ],
      "title": "tcp: Fix use-after-free of nreq in reqsk_timer_handler().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53206",
    "datePublished": "2024-12-27T13:49:52.131Z",
    "dateReserved": "2024-11-19T17:17:25.019Z",
    "dateUpdated": "2025-11-03T20:47:34.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56708 (GCVE-0-2024-56708)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:53

Title

EDAC/igen6: Avoid segmentation fault on module unload

Summary

In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc] During rmmod: 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In igen6_remove(), it will kfree(igen6_pvt); Fix this issue by setting mci->pvt_info to NULL to avoid the double kfree.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-415 - Double Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/029ac07bb92d2f750…
	https://git.kernel.org/stable/c/2a80e710bbc088a25…
	https://git.kernel.org/stable/c/830cabb61113d92a4…
	https://git.kernel.org/stable/c/e5c7052664b61f9e2…
	https://git.kernel.org/stable/c/db60326f2c47b079e…
	https://git.kernel.org/stable/c/fefaae90398d38a11…

Impacted products

Vendor

Product

Version

Linux

Affected: 10590a9d4f23e0a519730d79d39331df60ad2079 , < 029ac07bb92d2f7502d47a4916f197a8445d83bf (git)
Affected: 10590a9d4f23e0a519730d79d39331df60ad2079 , < 2a80e710bbc088a2511c159ee4d910456c5f0832 (git)
Affected: 10590a9d4f23e0a519730d79d39331df60ad2079 , < 830cabb61113d92a425dd3038ccedbdfb3c8d079 (git)
Affected: 10590a9d4f23e0a519730d79d39331df60ad2079 , < e5c7052664b61f9e2f896702d20552707d0ef60a (git)
Affected: 10590a9d4f23e0a519730d79d39331df60ad2079 , < db60326f2c47b079e36785ace621eb3002db2088 (git)
Affected: 10590a9d4f23e0a519730d79d39331df60ad2079 , < fefaae90398d38a1100ccd73b46ab55ff4610fba (git)

Linux

Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56708",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:58:44.624079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:07.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:00.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/edac/igen6_edac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "029ac07bb92d2f7502d47a4916f197a8445d83bf",
              "status": "affected",
              "version": "10590a9d4f23e0a519730d79d39331df60ad2079",
              "versionType": "git"
            },
            {
              "lessThan": "2a80e710bbc088a2511c159ee4d910456c5f0832",
              "status": "affected",
              "version": "10590a9d4f23e0a519730d79d39331df60ad2079",
              "versionType": "git"
            },
            {
              "lessThan": "830cabb61113d92a425dd3038ccedbdfb3c8d079",
              "status": "affected",
              "version": "10590a9d4f23e0a519730d79d39331df60ad2079",
              "versionType": "git"
            },
            {
              "lessThan": "e5c7052664b61f9e2f896702d20552707d0ef60a",
              "status": "affected",
              "version": "10590a9d4f23e0a519730d79d39331df60ad2079",
              "versionType": "git"
            },
            {
              "lessThan": "db60326f2c47b079e36785ace621eb3002db2088",
              "status": "affected",
              "version": "10590a9d4f23e0a519730d79d39331df60ad2079",
              "versionType": "git"
            },
            {
              "lessThan": "fefaae90398d38a1100ccd73b46ab55ff4610fba",
              "status": "affected",
              "version": "10590a9d4f23e0a519730d79d39331df60ad2079",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/edac/igen6_edac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/igen6: Avoid segmentation fault on module unload\n\nThe segmentation fault happens because:\n\nDuring modprobe:\n1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()\n2. In igen6_register_mci(), mci-\u003epvt_info will point to\n   \u0026igen6_pvt-\u003eimc[mc]\n\nDuring rmmod:\n1. In mci_release() in edac_mc.c, it will kfree(mci-\u003epvt_info)\n2. In igen6_remove(), it will kfree(igen6_pvt);\n\nFix this issue by setting mci-\u003epvt_info to NULL to avoid the double\nkfree."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:59.570Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/029ac07bb92d2f7502d47a4916f197a8445d83bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a80e710bbc088a2511c159ee4d910456c5f0832"
        },
        {
          "url": "https://git.kernel.org/stable/c/830cabb61113d92a425dd3038ccedbdfb3c8d079"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5c7052664b61f9e2f896702d20552707d0ef60a"
        },
        {
          "url": "https://git.kernel.org/stable/c/db60326f2c47b079e36785ace621eb3002db2088"
        },
        {
          "url": "https://git.kernel.org/stable/c/fefaae90398d38a1100ccd73b46ab55ff4610fba"
        }
      ],
      "title": "EDAC/igen6: Avoid segmentation fault on module unload",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56708",
    "datePublished": "2024-12-28T09:46:28.885Z",
    "dateReserved": "2024-12-27T15:00:39.857Z",
    "dateUpdated": "2025-11-03T20:53:00.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56572 (GCVE-0-2024-56572)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:23 – Updated: 2025-11-03 20:49

Title

media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()

Summary

In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate this, free the buffer when allegro_alloc_buffer fails.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cf642904be39ae0d4…
	https://git.kernel.org/stable/c/74a65313578b35e12…
	https://git.kernel.org/stable/c/64f72a738864b506a…
	https://git.kernel.org/stable/c/17e5613666209be4e…
	https://git.kernel.org/stable/c/6712a28a4f923ffdf…
	https://git.kernel.org/stable/c/891b5790bee8fc6dd…
	https://git.kernel.org/stable/c/0f514068fbc5d4d18…

Impacted products

Vendor

Product

Version

Linux

Affected: f20387dfd065693ba7ea2788a2f893bf653c9cb8 , < cf642904be39ae0d441dbdfa8f485e0a46260be4 (git)
Affected: f20387dfd065693ba7ea2788a2f893bf653c9cb8 , < 74a65313578b35e1239966adfa7ac2bdd60caf00 (git)
Affected: f20387dfd065693ba7ea2788a2f893bf653c9cb8 , < 64f72a738864b506ab50b4a6cb3ce3c3e04b71af (git)
Affected: f20387dfd065693ba7ea2788a2f893bf653c9cb8 , < 17e5613666209be4e5be1f1894f1a6014a8a0658 (git)
Affected: f20387dfd065693ba7ea2788a2f893bf653c9cb8 , < 6712a28a4f923ffdf51cff267ad05a634ee1babc (git)
Affected: f20387dfd065693ba7ea2788a2f893bf653c9cb8 , < 891b5790bee8fc6ddba17874dd87a646128d0b99 (git)
Affected: f20387dfd065693ba7ea2788a2f893bf653c9cb8 , < 0f514068fbc5d4d189c817adc7c4e32cffdc2e47 (git)

Linux

Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56572",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T20:10:43.633548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T20:15:53.019Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:45.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/allegro-dvt/allegro-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cf642904be39ae0d441dbdfa8f485e0a46260be4",
              "status": "affected",
              "version": "f20387dfd065693ba7ea2788a2f893bf653c9cb8",
              "versionType": "git"
            },
            {
              "lessThan": "74a65313578b35e1239966adfa7ac2bdd60caf00",
              "status": "affected",
              "version": "f20387dfd065693ba7ea2788a2f893bf653c9cb8",
              "versionType": "git"
            },
            {
              "lessThan": "64f72a738864b506ab50b4a6cb3ce3c3e04b71af",
              "status": "affected",
              "version": "f20387dfd065693ba7ea2788a2f893bf653c9cb8",
              "versionType": "git"
            },
            {
              "lessThan": "17e5613666209be4e5be1f1894f1a6014a8a0658",
              "status": "affected",
              "version": "f20387dfd065693ba7ea2788a2f893bf653c9cb8",
              "versionType": "git"
            },
            {
              "lessThan": "6712a28a4f923ffdf51cff267ad05a634ee1babc",
              "status": "affected",
              "version": "f20387dfd065693ba7ea2788a2f893bf653c9cb8",
              "versionType": "git"
            },
            {
              "lessThan": "891b5790bee8fc6ddba17874dd87a646128d0b99",
              "status": "affected",
              "version": "f20387dfd065693ba7ea2788a2f893bf653c9cb8",
              "versionType": "git"
            },
            {
              "lessThan": "0f514068fbc5d4d189c817adc7c4e32cffdc2e47",
              "status": "affected",
              "version": "f20387dfd065693ba7ea2788a2f893bf653c9cb8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/allegro-dvt/allegro-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()\n\nThe buffer in the loop should be released under the exception path,\notherwise there may be a memory leak here.\n\nTo mitigate this, free the buffer when allegro_alloc_buffer fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:58:38.800Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cf642904be39ae0d441dbdfa8f485e0a46260be4"
        },
        {
          "url": "https://git.kernel.org/stable/c/74a65313578b35e1239966adfa7ac2bdd60caf00"
        },
        {
          "url": "https://git.kernel.org/stable/c/64f72a738864b506ab50b4a6cb3ce3c3e04b71af"
        },
        {
          "url": "https://git.kernel.org/stable/c/17e5613666209be4e5be1f1894f1a6014a8a0658"
        },
        {
          "url": "https://git.kernel.org/stable/c/6712a28a4f923ffdf51cff267ad05a634ee1babc"
        },
        {
          "url": "https://git.kernel.org/stable/c/891b5790bee8fc6ddba17874dd87a646128d0b99"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f514068fbc5d4d189c817adc7c4e32cffdc2e47"
        }
      ],
      "title": "media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56572",
    "datePublished": "2024-12-27T14:23:15.298Z",
    "dateReserved": "2024-12-27T14:03:05.998Z",
    "dateUpdated": "2025-11-03T20:49:45.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56720 (GCVE-0-2024-56720)

Vulnerability from cvelistv5 – Published: 2024-12-29 11:29 – Updated: 2025-11-03 20:53

Title

bpf, sockmap: Several fixes to bpf_msg_pop_data

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpf_msg_pop_data Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if (len == 0), return early is better 3. pop the entire sk_msg (last == msg->sg.size) should be supported 4. Fix for the value of variable "a" 5. In sk_msg_shift_left, after shifting, i has already pointed to the next element. Addtional sk_msg_iter_var_next may result in BUG.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d3f5763b3062514a2…
	https://git.kernel.org/stable/c/d26d977633d1d0b8b…
	https://git.kernel.org/stable/c/e1f54c61c4c9a5244…
	https://git.kernel.org/stable/c/f58d3aa457e77a3d9…
	https://git.kernel.org/stable/c/98c7ea7d11f2588e8…
	https://git.kernel.org/stable/c/785180bed9879680d…
	https://git.kernel.org/stable/c/275a9f3ef8fabb0cb…
	https://git.kernel.org/stable/c/5d609ba262475db45…

Impacted products

Vendor

Product

Version

Linux

Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < d3f5763b3062514a234114e97bbde74d8d702449 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < d26d977633d1d0b8bf9407278189bd0a8d973323 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < e1f54c61c4c9a5244eb8159dce60d248f7d97b32 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < f58d3aa457e77a3d9b3df2ab081dcf9950f6029f (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 98c7ea7d11f2588e8197db042e0291e4ac8f8346 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 785180bed9879680d8e5c5e1b54c8ae8d948f4c8 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 275a9f3ef8fabb0cb282a62b9e164dedba7284c5 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 5d609ba262475db450ba69b8e8a557bd768ac07a (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56720",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:58:21.307610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:06.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:12.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d3f5763b3062514a234114e97bbde74d8d702449",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "d26d977633d1d0b8bf9407278189bd0a8d973323",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "e1f54c61c4c9a5244eb8159dce60d248f7d97b32",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "f58d3aa457e77a3d9b3df2ab081dcf9950f6029f",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "98c7ea7d11f2588e8197db042e0291e4ac8f8346",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "785180bed9879680d8e5c5e1b54c8ae8d948f4c8",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "275a9f3ef8fabb0cb282a62b9e164dedba7284c5",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "5d609ba262475db450ba69b8e8a557bd768ac07a",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:03:18.659Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bbde74d8d702449"
        },
        {
          "url": "https://git.kernel.org/stable/c/d26d977633d1d0b8bf9407278189bd0a8d973323"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce60d248f7d97b32"
        },
        {
          "url": "https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081dcf9950f6029f"
        },
        {
          "url": "https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0291e4ac8f8346"
        },
        {
          "url": "https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54c8ae8d948f4c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e164dedba7284c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a557bd768ac07a"
        }
      ],
      "title": "bpf, sockmap: Several fixes to bpf_msg_pop_data",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56720",
    "datePublished": "2024-12-29T11:29:58.345Z",
    "dateReserved": "2024-12-27T15:00:39.858Z",
    "dateUpdated": "2025-11-03T20:53:12.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57850 (GCVE-0-2024-57850)

Vulnerability from cvelistv5 – Published: 2025-01-11 14:30 – Updated: 2026-01-05 10:56

Title

jffs2: Prevent rtime decompress memory corruption

Summary

In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/421f9e9f0fae9f8e7…
	https://git.kernel.org/stable/c/f6fc251baefc3cdc4…
	https://git.kernel.org/stable/c/bd384b04ad1995441…
	https://git.kernel.org/stable/c/47c9a7f81027a78af…
	https://git.kernel.org/stable/c/6808a1812a3419542…
	https://git.kernel.org/stable/c/dc39b08fcc3831b0b…
	https://git.kernel.org/stable/c/fe051552f5078fa02…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 421f9e9f0fae9f8e721ffa07f22d9765fa1214d5 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f6fc251baefc3cdc4f41f2f5a47940d7d4a67332 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bd384b04ad1995441b18fe6c1366d02de8c5d5eb (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6808a1812a3419542223e7fe9e2de577e99e45d1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dc39b08fcc3831b0bc46add91ba93cd2aab50716 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fe051552f5078fa02d593847529a3884305a6ffe (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57850",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:55:07.022507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:20.221Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:45.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jffs2/compr_rtime.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "421f9e9f0fae9f8e721ffa07f22d9765fa1214d5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f6fc251baefc3cdc4f41f2f5a47940d7d4a67332",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bd384b04ad1995441b18fe6c1366d02de8c5d5eb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6808a1812a3419542223e7fe9e2de577e99e45d1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dc39b08fcc3831b0bc46add91ba93cd2aab50716",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fe051552f5078fa02d593847529a3884305a6ffe",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jffs2/compr_rtime.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Prevent rtime decompress memory corruption\n\nThe rtime decompression routine does not fully check bounds during the\nentirety of the decompression pass and can corrupt memory outside the\ndecompression buffer if the compressed data is corrupted. This adds the\nrequired check to prevent this failure mode."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:31.370Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffe"
        }
      ],
      "title": "jffs2: Prevent rtime decompress memory corruption",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57850",
    "datePublished": "2025-01-11T14:30:59.271Z",
    "dateReserved": "2025-01-11T12:32:49.525Z",
    "dateUpdated": "2026-01-05T10:56:31.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56776 (GCVE-0-2024-56776)

Vulnerability from cvelistv5 – Published: 2025-01-08 17:49 – Updated: 2025-11-03 20:54

Title

drm/sti: avoid potential dereference of error pointers

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e98ff67f5a6811480…
	https://git.kernel.org/stable/c/40725c5fabee804fe…
	https://git.kernel.org/stable/c/8ab73ac97c0fa528f…
	https://git.kernel.org/stable/c/f67786293193cf01e…
	https://git.kernel.org/stable/c/831214f77037de02a…

Impacted products

Vendor

Product

Version

Linux

Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < e98ff67f5a68114804607de549c2350d27628fc7 (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 40725c5fabee804fecce41d4d5c5bae80c45e1c4 (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 8ab73ac97c0fa528f66eeccd9bb53eb6eb7d20dc (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < f67786293193cf01ebcc6fdbcbd1587b24f52679 (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 831214f77037de02afc287eae93ce97f218d8c04 (git)

Linux

Affected: 4.6
Unaffected: 0 , < 4.6 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56776",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:56:38.325414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:24.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:11.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/sti/sti_cursor.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e98ff67f5a68114804607de549c2350d27628fc7",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "40725c5fabee804fecce41d4d5c5bae80c45e1c4",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "8ab73ac97c0fa528f66eeccd9bb53eb6eb7d20dc",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "f67786293193cf01ebcc6fdbcbd1587b24f52679",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "831214f77037de02afc287eae93ce97f218d8c04",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/sti/sti_cursor.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sti: avoid potential dereference of error pointers\n\nThe return value of drm_atomic_get_crtc_state() needs to be\nchecked. To avoid use of error pointer \u0027crtc_state\u0027 in case\nof the failure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:04:28.672Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e98ff67f5a68114804607de549c2350d27628fc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/40725c5fabee804fecce41d4d5c5bae80c45e1c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ab73ac97c0fa528f66eeccd9bb53eb6eb7d20dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/f67786293193cf01ebcc6fdbcbd1587b24f52679"
        },
        {
          "url": "https://git.kernel.org/stable/c/831214f77037de02afc287eae93ce97f218d8c04"
        }
      ],
      "title": "drm/sti: avoid potential dereference of error pointers",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56776",
    "datePublished": "2025-01-08T17:49:14.622Z",
    "dateReserved": "2024-12-29T11:26:39.766Z",
    "dateUpdated": "2025-11-03T20:54:11.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47483 (GCVE-0-2021-47483)

Vulnerability from cvelistv5 – Published: 2024-05-22 08:19 – Updated: 2025-05-04 07:12

Title

regmap: Fix possible double-free in regcache_rbtree_exit()

Summary

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory, in the error handling path of regcache_rbtree_init(), 'rbnode->block' will be freed again in regcache_rbtree_exit(), KASAN will report double-free as follows: BUG: KASAN: double-free or invalid-free in kfree+0xce/0x390 Call Trace: slab_free_freelist_hook+0x10d/0x240 kfree+0xce/0x390 regcache_rbtree_exit+0x15d/0x1a0 regcache_rbtree_init+0x224/0x2c0 regcache_init+0x88d/0x1310 __regmap_init+0x3151/0x4a80 __devm_regmap_init+0x7d/0x100 madera_spi_probe+0x10f/0x333 [madera_spi] spi_probe+0x183/0x210 really_probe+0x285/0xc30 To fix this, moving up the assignment of rbnode->block to immediately after the reallocation has succeeded so that the data structure stays valid even if the second reallocation fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e72dce9afbdbfa70d…
	https://git.kernel.org/stable/c/fc081477b47dfc3a6…
	https://git.kernel.org/stable/c/758ced2c3878ff789…
	https://git.kernel.org/stable/c/3dae1a4eced3ee733…
	https://git.kernel.org/stable/c/1cead23c1c0bc766d…
	https://git.kernel.org/stable/c/36e911a16b377bde0…
	https://git.kernel.org/stable/c/50cc1462a668dc629…
	https://git.kernel.org/stable/c/55e6d8037805b3400…

Impacted products

Vendor

Product

Version

Linux

Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < e72dce9afbdbfa70d9b44f5908a50ff6c4858999 (git)
Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < fc081477b47dfc3a6cb50a96087fc29674013fc2 (git)
Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < 758ced2c3878ff789801e6fee808e185c5cf08d6 (git)
Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < 3dae1a4eced3ee733d7222e69b8a55caf2d61091 (git)
Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < 1cead23c1c0bc766dacb900a3b0269f651ad596f (git)
Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < 36e911a16b377bde0ad91a8c679069d0d310b1a6 (git)
Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < 50cc1462a668dc62949a1127388bc3af785ce047 (git)
Affected: 3f4ff561bc88b074d5e868dde4012d89cbb06c87 , < 55e6d8037805b3400096d621091dfbf713f97e83 (git)

Linux

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 4.4.291 , ≤ 4.4.* (semver)
Unaffected: 4.9.289 , ≤ 4.9.* (semver)
Unaffected: 4.14.254 , ≤ 4.14.* (semver)
Unaffected: 4.19.215 , ≤ 4.19.* (semver)
Unaffected: 5.4.157 , ≤ 5.4.* (semver)
Unaffected: 5.10.77 , ≤ 5.10.* (semver)
Unaffected: 5.14.16 , ≤ 5.14.* (semver)
Unaffected: 5.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.752Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:35:58.617398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:53.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e72dce9afbdbfa70d9b44f5908a50ff6c4858999",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            },
            {
              "lessThan": "fc081477b47dfc3a6cb50a96087fc29674013fc2",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            },
            {
              "lessThan": "758ced2c3878ff789801e6fee808e185c5cf08d6",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            },
            {
              "lessThan": "3dae1a4eced3ee733d7222e69b8a55caf2d61091",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            },
            {
              "lessThan": "1cead23c1c0bc766dacb900a3b0269f651ad596f",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            },
            {
              "lessThan": "36e911a16b377bde0ad91a8c679069d0d310b1a6",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            },
            {
              "lessThan": "50cc1462a668dc62949a1127388bc3af785ce047",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            },
            {
              "lessThan": "55e6d8037805b3400096d621091dfbf713f97e83",
              "status": "affected",
              "version": "3f4ff561bc88b074d5e868dde4012d89cbb06c87",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.254",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.291",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.289",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.254",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.215",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.157",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.77",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.14.16",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix possible double-free in regcache_rbtree_exit()\n\nIn regcache_rbtree_insert_to_block(), when \u0027present\u0027 realloc failed,\nthe \u0027blk\u0027 which is supposed to assign to \u0027rbnode-\u003eblock\u0027 will be freed,\nso \u0027rbnode-\u003eblock\u0027 points a freed memory, in the error handling path of\nregcache_rbtree_init(), \u0027rbnode-\u003eblock\u0027 will be freed again in\nregcache_rbtree_exit(), KASAN will report double-free as follows:\n\nBUG: KASAN: double-free or invalid-free in kfree+0xce/0x390\nCall Trace:\n slab_free_freelist_hook+0x10d/0x240\n kfree+0xce/0x390\n regcache_rbtree_exit+0x15d/0x1a0\n regcache_rbtree_init+0x224/0x2c0\n regcache_init+0x88d/0x1310\n __regmap_init+0x3151/0x4a80\n __devm_regmap_init+0x7d/0x100\n madera_spi_probe+0x10f/0x333 [madera_spi]\n spi_probe+0x183/0x210\n really_probe+0x285/0xc30\n\nTo fix this, moving up the assignment of rbnode-\u003eblock to immediately after\nthe reallocation has succeeded so that the data structure stays valid even\nif the second reallocation fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:12:04.209Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f"
        },
        {
          "url": "https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047"
        },
        {
          "url": "https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83"
        }
      ],
      "title": "regmap: Fix possible double-free in regcache_rbtree_exit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47483",
    "datePublished": "2024-05-22T08:19:34.852Z",
    "dateReserved": "2024-05-22T06:20:56.200Z",
    "dateUpdated": "2025-05-04T07:12:04.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49925 (GCVE-0-2024-49925)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2025-11-03 20:42

Title

fbdev: efifb: Register sysfs groups through driver core

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UAF race during unregistering where the sysctl attributes were usable after the info struct was freed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2a9c40c72097b583b…
	https://git.kernel.org/stable/c/36bfefb6baaa8e46d…
	https://git.kernel.org/stable/c/872cd2d029d2c970a…
	https://git.kernel.org/stable/c/4684d69b9670a8399…
	https://git.kernel.org/stable/c/95cdd538e0e5677ef…

Impacted products

Vendor

Product

Version

Linux

Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 2a9c40c72097b583b23aeb2a26d429ccfc81fbc1 (git)
Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 36bfefb6baaa8e46de44f4fd919ce4347337620f (git)
Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 872cd2d029d2c970a8a1eea88b48dab2b3f2e93a (git)
Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 4684d69b9670a83992189f6271dc0fcdec4ed0d7 (git)
Affected: 753375a881caa01112b7cec2c796749154e0bb23 , < 95cdd538e0e5677efbdf8aade04ec098ab98f457 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:39:49.983687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:44.061Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:42:00.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/efifb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2a9c40c72097b583b23aeb2a26d429ccfc81fbc1",
              "status": "affected",
              "version": "753375a881caa01112b7cec2c796749154e0bb23",
              "versionType": "git"
            },
            {
              "lessThan": "36bfefb6baaa8e46de44f4fd919ce4347337620f",
              "status": "affected",
              "version": "753375a881caa01112b7cec2c796749154e0bb23",
              "versionType": "git"
            },
            {
              "lessThan": "872cd2d029d2c970a8a1eea88b48dab2b3f2e93a",
              "status": "affected",
              "version": "753375a881caa01112b7cec2c796749154e0bb23",
              "versionType": "git"
            },
            {
              "lessThan": "4684d69b9670a83992189f6271dc0fcdec4ed0d7",
              "status": "affected",
              "version": "753375a881caa01112b7cec2c796749154e0bb23",
              "versionType": "git"
            },
            {
              "lessThan": "95cdd538e0e5677efbdf8aade04ec098ab98f457",
              "status": "affected",
              "version": "753375a881caa01112b7cec2c796749154e0bb23",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/efifb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: efifb: Register sysfs groups through driver core\n\nThe driver core can register and cleanup sysfs groups already.\nMake use of that functionality to simplify the error handling and\ncleanup.\n\nAlso avoid a UAF race during unregistering where the sysctl attributes\nwere usable after the info struct was freed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:22.064Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2a9c40c72097b583b23aeb2a26d429ccfc81fbc1"
        },
        {
          "url": "https://git.kernel.org/stable/c/36bfefb6baaa8e46de44f4fd919ce4347337620f"
        },
        {
          "url": "https://git.kernel.org/stable/c/872cd2d029d2c970a8a1eea88b48dab2b3f2e93a"
        },
        {
          "url": "https://git.kernel.org/stable/c/4684d69b9670a83992189f6271dc0fcdec4ed0d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/95cdd538e0e5677efbdf8aade04ec098ab98f457"
        }
      ],
      "title": "fbdev: efifb: Register sysfs groups through driver core",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49925",
    "datePublished": "2024-10-21T18:01:49.732Z",
    "dateReserved": "2024-10-21T12:17:06.036Z",
    "dateUpdated": "2025-11-03T20:42:00.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53217 (GCVE-0-2024-53217)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2025-11-03 20:47

Title

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

Summary

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d9a0d1f6e15859ea7…
	https://git.kernel.org/stable/c/cac1405e3ff6685a4…
	https://git.kernel.org/stable/c/752a75811f27300fe…
	https://git.kernel.org/stable/c/c5d90f9302742985a…
	https://git.kernel.org/stable/c/0c3b0e326f838787d…
	https://git.kernel.org/stable/c/eb51733ae5fc73d95…
	https://git.kernel.org/stable/c/03178cd8f67227015…
	https://git.kernel.org/stable/c/4a4ffc1aa9d618e41…
	https://git.kernel.org/stable/c/1e02c641c3a43c88c…

Impacted products

Vendor

Product

Version

Linux

Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < d9a0d1f6e15859ea7a86a327f28491e23deaaa62 (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < cac1405e3ff6685a438e910ad719e0cf06af90ee (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 752a75811f27300fe8131b0a1efc91960f6f88e7 (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < c5d90f9302742985a5078e42ac38de42c364c44a (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 0c3b0e326f838787d229314d4de83af9c53347e8 (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < eb51733ae5fc73d95bd857d5da26f9f65b202a79 (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 03178cd8f67227015debb700123987fe96275cd1 (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 4a4ffc1aa9d618e41ad9151f40966e402e58a5a2 (git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 1e02c641c3a43c88cecc08402000418e15578d38 (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:03:26.697178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:19.173Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:47.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4callback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d9a0d1f6e15859ea7a86a327f28491e23deaaa62",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "cac1405e3ff6685a438e910ad719e0cf06af90ee",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "752a75811f27300fe8131b0a1efc91960f6f88e7",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "c5d90f9302742985a5078e42ac38de42c364c44a",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "0c3b0e326f838787d229314d4de83af9c53347e8",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "eb51733ae5fc73d95bd857d5da26f9f65b202a79",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "03178cd8f67227015debb700123987fe96275cd1",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "4a4ffc1aa9d618e41ad9151f40966e402e58a5a2",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            },
            {
              "lessThan": "1e02c641c3a43c88cecc08402000418e15578d38",
              "status": "affected",
              "version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4callback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Prevent NULL dereference in nfsd4_process_cb_update()\n\n@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no\navailable backchannel session, setup_callback_client() will try to\ndereference @ses and segfault."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:56:10.872Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d9a0d1f6e15859ea7a86a327f28491e23deaaa62"
        },
        {
          "url": "https://git.kernel.org/stable/c/cac1405e3ff6685a438e910ad719e0cf06af90ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/752a75811f27300fe8131b0a1efc91960f6f88e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5d90f9302742985a5078e42ac38de42c364c44a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c3b0e326f838787d229314d4de83af9c53347e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb51733ae5fc73d95bd857d5da26f9f65b202a79"
        },
        {
          "url": "https://git.kernel.org/stable/c/03178cd8f67227015debb700123987fe96275cd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a4ffc1aa9d618e41ad9151f40966e402e58a5a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e02c641c3a43c88cecc08402000418e15578d38"
        }
      ],
      "title": "NFSD: Prevent NULL dereference in nfsd4_process_cb_update()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53217",
    "datePublished": "2024-12-27T13:50:02.727Z",
    "dateReserved": "2024-11-19T17:17:25.024Z",
    "dateUpdated": "2025-11-03T20:47:47.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21702 (GCVE-0-2025-21702)

Vulnerability from cvelistv5 – Published: 2025-02-18 14:37 – Updated: 2025-11-03 19:35

Title

pfifo_tail_enqueue: Drop new packet when sch->limit == 0

Summary

In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifo_tail_enqueue() enqueue new packet and increase scheduler's qlen by one. Finally, pfifo_tail_enqueue() return `NET_XMIT_CN` status code. Weird behaviour: In case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a scheduler that has no packet, the 'drop a packet' step will do nothing. This means the scheduler's qlen still has value equal 0. Then, we continue to enqueue new packet and increase scheduler's qlen by one. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by one and return `NET_XMIT_CN` status code. The problem is: Let's say we have two qdiscs: Qdisc_A and Qdisc_B. - Qdisc_A's type must have '->graft()' function to create parent/child relationship. Let's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`. - Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`. - Qdisc_B is configured to have `sch->limit == 0`. - Qdisc_A is configured to route the enqueued's packet to Qdisc_B. Enqueue packet through Qdisc_A will lead to: - hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B) - Qdisc_B->q.qlen += 1 - pfifo_tail_enqueue() return `NET_XMIT_CN` - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A. The whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1. Replace 'hfsc' with other type (for example: 'drr') still lead to the same problem. This violate the design where parent's qlen should equal to the sum of its childrens'qlen. Bug impact: This issue can be used for user->kernel privilege escalation when it is reachable.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/78285b53266d6d51f…
	https://git.kernel.org/stable/c/7a9723ec27aff5674…
	https://git.kernel.org/stable/c/a56a6e8589a9b98d8…
	https://git.kernel.org/stable/c/020ecb76812a0526f…
	https://git.kernel.org/stable/c/79a955ea4a2e5ddf4…
	https://git.kernel.org/stable/c/e40cb34b7f247fe2e…
	https://git.kernel.org/stable/c/b6a079c3b6f95378f…
	https://git.kernel.org/stable/c/647cef20e649c576d…

Impacted products

Vendor

Product

Version

Linux

Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < 78285b53266d6d51fa4ff504a23df03852eba84e (git)
Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < 7a9723ec27aff5674f1fd4934608937f1d650980 (git)
Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < a56a6e8589a9b98d8171611fbcc1e45a15fd2455 (git)
Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < 020ecb76812a0526f4130ab5aeb6dc7c773e7ab9 (git)
Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < 79a955ea4a2e5ddf4a36328959de0de496419888 (git)
Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < e40cb34b7f247fe2e366fd192700d1b4f38196ca (git)
Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < b6a079c3b6f95378f26e2aeda520cb3176f7067b (git)
Affected: 57dbb2d83d100ea601c54fe129bfde0678db5dee , < 647cef20e649c576dff271e018d5d15d998b629d (git)

Linux

Affected: 2.6.34
Unaffected: 0 , < 2.6.34 (semver)
Unaffected: 5.4.291 , ≤ 5.4.* (semver)
Unaffected: 5.10.235 , ≤ 5.10.* (semver)
Unaffected: 5.15.179 , ≤ 5.15.* (semver)
Unaffected: 6.1.130 , ≤ 6.1.* (semver)
Unaffected: 6.6.83 , ≤ 6.6.* (semver)
Unaffected: 6.12.14 , ≤ 6.12.* (semver)
Unaffected: 6.13.3 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:50.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_fifo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "78285b53266d6d51fa4ff504a23df03852eba84e",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            },
            {
              "lessThan": "7a9723ec27aff5674f1fd4934608937f1d650980",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            },
            {
              "lessThan": "a56a6e8589a9b98d8171611fbcc1e45a15fd2455",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            },
            {
              "lessThan": "020ecb76812a0526f4130ab5aeb6dc7c773e7ab9",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            },
            {
              "lessThan": "79a955ea4a2e5ddf4a36328959de0de496419888",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            },
            {
              "lessThan": "e40cb34b7f247fe2e366fd192700d1b4f38196ca",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            },
            {
              "lessThan": "b6a079c3b6f95378f26e2aeda520cb3176f7067b",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            },
            {
              "lessThan": "647cef20e649c576dff271e018d5d15d998b629d",
              "status": "affected",
              "version": "57dbb2d83d100ea601c54fe129bfde0678db5dee",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_fifo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.34"
            },
            {
              "lessThan": "2.6.34",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.130",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.83",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.14",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.3",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n   Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:19:19.050Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/78285b53266d6d51fa4ff504a23df03852eba84e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a9723ec27aff5674f1fd4934608937f1d650980"
        },
        {
          "url": "https://git.kernel.org/stable/c/a56a6e8589a9b98d8171611fbcc1e45a15fd2455"
        },
        {
          "url": "https://git.kernel.org/stable/c/020ecb76812a0526f4130ab5aeb6dc7c773e7ab9"
        },
        {
          "url": "https://git.kernel.org/stable/c/79a955ea4a2e5ddf4a36328959de0de496419888"
        },
        {
          "url": "https://git.kernel.org/stable/c/e40cb34b7f247fe2e366fd192700d1b4f38196ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6a079c3b6f95378f26e2aeda520cb3176f7067b"
        },
        {
          "url": "https://git.kernel.org/stable/c/647cef20e649c576dff271e018d5d15d998b629d"
        }
      ],
      "title": "pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21702",
    "datePublished": "2025-02-18T14:37:43.429Z",
    "dateReserved": "2024-12-29T08:45:45.748Z",
    "dateUpdated": "2025-11-03T19:35:50.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56568 (GCVE-0-2024-56568)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:23 – Updated: 2025-11-03 20:49

Title

iommu/arm-smmu: Defer probe of clients after smmu device bound

Summary

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. [will: Add comment]

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c2527d07c7e9cda2c…
	https://git.kernel.org/stable/c/dc02407ea952e20c5…
	https://git.kernel.org/stable/c/f8f794f387ad21c46…
	https://git.kernel.org/stable/c/4a9485918a042e311…
	https://git.kernel.org/stable/c/5018696b19bc6c021…
	https://git.kernel.org/stable/c/229e6ee43d2a160a1…

Impacted products

Vendor

Product

Version

Linux

Affected: 021bb8420d44cf56102d44fca9af628625e75482 , < c2527d07c7e9cda2c6165d5edccf74752baac1b0 (git)
Affected: 021bb8420d44cf56102d44fca9af628625e75482 , < dc02407ea952e20c544a078a6be2e6f008327973 (git)
Affected: 021bb8420d44cf56102d44fca9af628625e75482 , < f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5 (git)
Affected: 021bb8420d44cf56102d44fca9af628625e75482 , < 4a9485918a042e3114890dfbe19839a1897f8b2c (git)
Affected: 021bb8420d44cf56102d44fca9af628625e75482 , < 5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8 (git)
Affected: 021bb8420d44cf56102d44fca9af628625e75482 , < 229e6ee43d2a160a1592b83aad620d6027084aad (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56568",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:02:09.885077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:15.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:37.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/arm/arm-smmu/arm-smmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c2527d07c7e9cda2c6165d5edccf74752baac1b0",
              "status": "affected",
              "version": "021bb8420d44cf56102d44fca9af628625e75482",
              "versionType": "git"
            },
            {
              "lessThan": "dc02407ea952e20c544a078a6be2e6f008327973",
              "status": "affected",
              "version": "021bb8420d44cf56102d44fca9af628625e75482",
              "versionType": "git"
            },
            {
              "lessThan": "f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5",
              "status": "affected",
              "version": "021bb8420d44cf56102d44fca9af628625e75482",
              "versionType": "git"
            },
            {
              "lessThan": "4a9485918a042e3114890dfbe19839a1897f8b2c",
              "status": "affected",
              "version": "021bb8420d44cf56102d44fca9af628625e75482",
              "versionType": "git"
            },
            {
              "lessThan": "5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8",
              "status": "affected",
              "version": "021bb8420d44cf56102d44fca9af628625e75482",
              "versionType": "git"
            },
            {
              "lessThan": "229e6ee43d2a160a1592b83aad620d6027084aad",
              "status": "affected",
              "version": "021bb8420d44cf56102d44fca9af628625e75482",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/arm/arm-smmu/arm-smmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t    /* null ptr\n\t\t\t\t\t\t       assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t   while smmu-\u003estreamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:58:34.224Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c2527d07c7e9cda2c6165d5edccf74752baac1b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc02407ea952e20c544a078a6be2e6f008327973"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a9485918a042e3114890dfbe19839a1897f8b2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/229e6ee43d2a160a1592b83aad620d6027084aad"
        }
      ],
      "title": "iommu/arm-smmu: Defer probe of clients after smmu device bound",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56568",
    "datePublished": "2024-12-27T14:23:11.733Z",
    "dateReserved": "2024-12-27T14:03:05.996Z",
    "dateUpdated": "2025-11-03T20:49:37.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36899 (GCVE-0-2024-36899)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-11-03 20:37

Title

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

Summary

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(), but the unregistration of lineinfo_changed_nb notifier chain failed due to waiting write rwsem. Additionally, one of the GPIO chip's lines is also in the release process and holds the notifier chain's read rwsem. Consequently, a race condition leads to the use-after-free of watched_lines. Here is the typical stack when issue happened: [free] gpio_chrdev_release() --> bitmap_free(cdev->watched_lines) <-- freed --> blocking_notifier_chain_unregister() --> down_write(&nh->rwsem) <-- waiting rwsem --> __down_write_common() --> rwsem_down_write_slowpath() --> schedule_preempt_disabled() --> schedule() [use] st54spi_gpio_dev_release() --> gpio_free() --> gpiod_free() --> gpiod_free_commit() --> gpiod_line_state_notify() --> blocking_notifier_call_chain() --> down_read(&nh->rwsem); <-- held rwsem --> notifier_call_chain() --> lineinfo_changed_notify() --> test_bit(xxxx, cdev->watched_lines) <-- use after free The side effect of the use-after-free issue is that a GPIO line event is being generated for userspace where it shouldn't. However, since the chrdev is being closed, userspace won't have the chance to read that event anyway. To fix the issue, call the bitmap_free() function after the unregistration of lineinfo_changed_nb notifier chain.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2dfbb920a89bdc580…
	https://git.kernel.org/stable/c/2d008d4961b039d2e…
	https://git.kernel.org/stable/c/d38c49f7bdf143812…
	https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8…
	https://git.kernel.org/stable/c/ca710b5f40b8b16fd…
	https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d0…

Impacted products

Vendor

Product

Version

Linux

Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < 2dfbb920a89bdc58087672ad5325dc6c588b6860 (git)
Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < 2d008d4961b039d2edce8976289773961b7e5fb5 (git)
Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < d38c49f7bdf14381270736299e2ff68ec248a017 (git)
Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < 95ca7c90eaf5ea8a8460536535101e3e81160e2a (git)
Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < ca710b5f40b8b16fdcad50bebd47f50e4c62d239 (git)
Affected: 51c1064e82e77b39a49889287ca50709303e2f26 , < 02f6b0e1ec7e0e7d059dddc893645816552039da (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36899",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T18:48:31.477532Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T18:48:41.419Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:37:56.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpiolib-cdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2dfbb920a89bdc58087672ad5325dc6c588b6860",
              "status": "affected",
              "version": "51c1064e82e77b39a49889287ca50709303e2f26",
              "versionType": "git"
            },
            {
              "lessThan": "2d008d4961b039d2edce8976289773961b7e5fb5",
              "status": "affected",
              "version": "51c1064e82e77b39a49889287ca50709303e2f26",
              "versionType": "git"
            },
            {
              "lessThan": "d38c49f7bdf14381270736299e2ff68ec248a017",
              "status": "affected",
              "version": "51c1064e82e77b39a49889287ca50709303e2f26",
              "versionType": "git"
            },
            {
              "lessThan": "95ca7c90eaf5ea8a8460536535101e3e81160e2a",
              "status": "affected",
              "version": "51c1064e82e77b39a49889287ca50709303e2f26",
              "versionType": "git"
            },
            {
              "lessThan": "ca710b5f40b8b16fdcad50bebd47f50e4c62d239",
              "status": "affected",
              "version": "51c1064e82e77b39a49889287ca50709303e2f26",
              "versionType": "git"
            },
            {
              "lessThan": "02f6b0e1ec7e0e7d059dddc893645816552039da",
              "status": "affected",
              "version": "51c1064e82e77b39a49889287ca50709303e2f26",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpiolib-cdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n  --\u003e bitmap_free(cdev-\u003ewatched_lines)                  \u003c-- freed\n  --\u003e blocking_notifier_chain_unregister()\n    --\u003e down_write(\u0026nh-\u003erwsem)                          \u003c-- waiting rwsem\n          --\u003e __down_write_common()\n            --\u003e rwsem_down_write_slowpath()\n                  --\u003e schedule_preempt_disabled()\n                    --\u003e schedule()\n\n[use]\nst54spi_gpio_dev_release()\n  --\u003e gpio_free()\n    --\u003e gpiod_free()\n      --\u003e gpiod_free_commit()\n        --\u003e gpiod_line_state_notify()\n          --\u003e blocking_notifier_call_chain()\n            --\u003e down_read(\u0026nh-\u003erwsem);                  \u003c-- held rwsem\n            --\u003e notifier_call_chain()\n              --\u003e lineinfo_changed_notify()\n                --\u003e test_bit(xxxx, cdev-\u003ewatched_lines) \u003c-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn\u0027t. However, since the chrdev\nis being closed, userspace won\u0027t have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:39.914Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2dfbb920a89bdc58087672ad5325dc6c588b6860"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d008d4961b039d2edce8976289773961b7e5fb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d38c49f7bdf14381270736299e2ff68ec248a017"
        },
        {
          "url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
        },
        {
          "url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
        }
      ],
      "title": "gpiolib: cdev: Fix use after free in lineinfo_changed_notify",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36899",
    "datePublished": "2024-05-30T15:29:02.591Z",
    "dateReserved": "2024-05-30T15:25:07.066Z",
    "dateUpdated": "2025-11-03T20:37:56.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47408 (GCVE-0-2024-47408)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:35 – Updated: 2025-11-03 20:39

Title

net/smc: check smcd_v2_ext_offset when receiving proposal msg

Summary

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a36364d8d4fabb105…
	https://git.kernel.org/stable/c/e1cc8be2a785a8f1c…
	https://git.kernel.org/stable/c/935caf324b445fe73…
	https://git.kernel.org/stable/c/48d5a8a304a643613…
	https://git.kernel.org/stable/c/9ab332deb671d8f7e…

Impacted products

Vendor

Product

Version

Linux

Affected: 5c21c4ccafe85906db809de3af391fd434df8a27 , < a36364d8d4fabb105001f992fb8ff2d3546203d6 (git)
Affected: 5c21c4ccafe85906db809de3af391fd434df8a27 , < e1cc8be2a785a8f1ce1f597f3e608602c5fccd46 (git)
Affected: 5c21c4ccafe85906db809de3af391fd434df8a27 , < 935caf324b445fe73d7708fae6f7176fb243f357 (git)
Affected: 5c21c4ccafe85906db809de3af391fd434df8a27 , < 48d5a8a304a643613dab376a278f29d3e22f7c34 (git)
Affected: 5c21c4ccafe85906db809de3af391fd434df8a27 , < 9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.122 , ≤ 6.1.* (semver)
Unaffected: 6.6.68 , ≤ 6.6.* (semver)
Unaffected: 6.12.7 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:39:33.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/smc/af_smc.c",
            "net/smc/smc_clc.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a36364d8d4fabb105001f992fb8ff2d3546203d6",
              "status": "affected",
              "version": "5c21c4ccafe85906db809de3af391fd434df8a27",
              "versionType": "git"
            },
            {
              "lessThan": "e1cc8be2a785a8f1ce1f597f3e608602c5fccd46",
              "status": "affected",
              "version": "5c21c4ccafe85906db809de3af391fd434df8a27",
              "versionType": "git"
            },
            {
              "lessThan": "935caf324b445fe73d7708fae6f7176fb243f357",
              "status": "affected",
              "version": "5c21c4ccafe85906db809de3af391fd434df8a27",
              "versionType": "git"
            },
            {
              "lessThan": "48d5a8a304a643613dab376a278f29d3e22f7c34",
              "status": "affected",
              "version": "5c21c4ccafe85906db809de3af391fd434df8a27",
              "versionType": "git"
            },
            {
              "lessThan": "9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad",
              "status": "affected",
              "version": "5c21c4ccafe85906db809de3af391fd434df8a27",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/smc/af_smc.c",
            "net/smc/smc_clc.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.122",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.68",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:36:30.974Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a36364d8d4fabb105001f992fb8ff2d3546203d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1cc8be2a785a8f1ce1f597f3e608602c5fccd46"
        },
        {
          "url": "https://git.kernel.org/stable/c/935caf324b445fe73d7708fae6f7176fb243f357"
        },
        {
          "url": "https://git.kernel.org/stable/c/48d5a8a304a643613dab376a278f29d3e22f7c34"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad"
        }
      ],
      "title": "net/smc: check smcd_v2_ext_offset when receiving proposal msg",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47408",
    "datePublished": "2025-01-11T12:35:35.284Z",
    "dateReserved": "2025-01-11T12:34:02.588Z",
    "dateUpdated": "2025-11-03T20:39:33.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53184 (GCVE-0-2024-53184)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-01-05 10:55

Title

um: ubd: Do not use drvdata in release

Summary

In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP: 00000000e2083bf0 EFLAGS: 00010246 RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00 RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348 RBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7 R10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000 R13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0 Kernel panic - not syncing: Segfault with no mm CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1 Workqueue: events mc_work_proc Stack: 00000000 604f7ef0 62c5d000 62405d20 e2083c30 6002c776 6002c755 600e47ff e2083c60 6025ffe3 04208060 603d36e0 Call Trace: [<6002c776>] ubd_device_release+0x21/0x55 [<6002c755>] ? ubd_device_release+0x0/0x55 [<600e47ff>] ? kfree+0x0/0x100 [<6025ffe3>] device_release+0x70/0xba [<60381d6a>] kobject_put+0xb5/0xe2 [<6026027b>] put_device+0x19/0x1c [<6026a036>] platform_device_put+0x26/0x29 [<6026ac5a>] platform_device_unregister+0x2c/0x2e [<6002c52e>] ubd_remove+0xb8/0xd6 [<6002bb74>] ? mconsole_reply+0x0/0x50 [<6002b926>] mconsole_remove+0x160/0x1cc [<6002bbbc>] ? mconsole_reply+0x48/0x50 [<6003379c>] ? um_set_signals+0x3b/0x43 [<60061c55>] ? update_min_vruntime+0x14/0x70 [<6006251f>] ? dequeue_task_fair+0x164/0x235 [<600620aa>] ? update_cfs_group+0x0/0x40 [<603a0e77>] ? __schedule+0x0/0x3ed [<60033761>] ? um_set_signals+0x0/0x43 [<6002af6a>] mc_work_proc+0x77/0x91 [<600520b4>] process_scheduled_works+0x1af/0x2c3 [<6004ede3>] ? assign_work+0x0/0x58 [<600527a1>] worker_thread+0x2f7/0x37a [<6004ee3b>] ? set_pf_worker+0x0/0x64 [<6005765d>] ? arch_local_irq_save+0x0/0x2d [<60058e07>] ? kthread_exit+0x0/0x3a [<600524aa>] ? worker_thread+0x0/0x37a [<60058f9f>] kthread+0x130/0x135 [<6002068e>] new_thread_handler+0x85/0xb6

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/23d742a3fcd4781ee…
	https://git.kernel.org/stable/c/300e277e463e63269…
	https://git.kernel.org/stable/c/509ba8746f812e45a…
	https://git.kernel.org/stable/c/5727343348f34e11a…
	https://git.kernel.org/stable/c/a5a75207efae4b558…
	https://git.kernel.org/stable/c/2d194d951895df214…
	https://git.kernel.org/stable/c/e6e5a4cded9bef3a1…
	https://git.kernel.org/stable/c/16cf8511680809a9f…
	https://git.kernel.org/stable/c/5bee35e5389f450a7…

Impacted products

Vendor

Product

Version

Linux

Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 300e277e463e6326938dd55ea560eafa0f5c88a5 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 509ba8746f812e45a05034ba18b73db574693d11 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 5727343348f34e11a7c5a2a944d5aa505731d876 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < a5a75207efae4b558aaa34c288de7d6f2e926b4b (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 2d194d951895df214e066d08146e77cb6e02c1d4 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 16cf8511680809a9f20b3dd224c06d482648f9e2 (git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 5bee35e5389f450a7eea7318deb9073e9414d3b1 (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:21.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/ubd_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "300e277e463e6326938dd55ea560eafa0f5c88a5",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "509ba8746f812e45a05034ba18b73db574693d11",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "5727343348f34e11a7c5a2a944d5aa505731d876",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "a5a75207efae4b558aaa34c288de7d6f2e926b4b",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "2d194d951895df214e066d08146e77cb6e02c1d4",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "16cf8511680809a9f20b3dd224c06d482648f9e2",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            },
            {
              "lessThan": "5bee35e5389f450a7eea7318deb9073e9414d3b1",
              "status": "affected",
              "version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/ubd_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: ubd: Do not use drvdata in release\n\nThe drvdata is not available in release. Let\u0027s just use container_of()\nto get the ubd instance. Otherwise, removing a ubd device will result\nin a crash:\n\nRIP: 0033:blk_mq_free_tag_set+0x1f/0xba\nRSP: 00000000e2083bf0  EFLAGS: 00010246\nRAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00\nRDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348\nRBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7\nR10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000\nR13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1\nWorkqueue: events mc_work_proc\nStack:\n 00000000 604f7ef0 62c5d000 62405d20\n e2083c30 6002c776 6002c755 600e47ff\n e2083c60 6025ffe3 04208060 603d36e0\nCall Trace:\n [\u003c6002c776\u003e] ubd_device_release+0x21/0x55\n [\u003c6002c755\u003e] ? ubd_device_release+0x0/0x55\n [\u003c600e47ff\u003e] ? kfree+0x0/0x100\n [\u003c6025ffe3\u003e] device_release+0x70/0xba\n [\u003c60381d6a\u003e] kobject_put+0xb5/0xe2\n [\u003c6026027b\u003e] put_device+0x19/0x1c\n [\u003c6026a036\u003e] platform_device_put+0x26/0x29\n [\u003c6026ac5a\u003e] platform_device_unregister+0x2c/0x2e\n [\u003c6002c52e\u003e] ubd_remove+0xb8/0xd6\n [\u003c6002bb74\u003e] ? mconsole_reply+0x0/0x50\n [\u003c6002b926\u003e] mconsole_remove+0x160/0x1cc\n [\u003c6002bbbc\u003e] ? mconsole_reply+0x48/0x50\n [\u003c6003379c\u003e] ? um_set_signals+0x3b/0x43\n [\u003c60061c55\u003e] ? update_min_vruntime+0x14/0x70\n [\u003c6006251f\u003e] ? dequeue_task_fair+0x164/0x235\n [\u003c600620aa\u003e] ? update_cfs_group+0x0/0x40\n [\u003c603a0e77\u003e] ? __schedule+0x0/0x3ed\n [\u003c60033761\u003e] ? um_set_signals+0x0/0x43\n [\u003c6002af6a\u003e] mc_work_proc+0x77/0x91\n [\u003c600520b4\u003e] process_scheduled_works+0x1af/0x2c3\n [\u003c6004ede3\u003e] ? assign_work+0x0/0x58\n [\u003c600527a1\u003e] worker_thread+0x2f7/0x37a\n [\u003c6004ee3b\u003e] ? set_pf_worker+0x0/0x64\n [\u003c6005765d\u003e] ? arch_local_irq_save+0x0/0x2d\n [\u003c60058e07\u003e] ? kthread_exit+0x0/0x3a\n [\u003c600524aa\u003e] ? worker_thread+0x0/0x37a\n [\u003c60058f9f\u003e] kthread+0x130/0x135\n [\u003c6002068e\u003e] new_thread_handler+0x85/0xb6"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:48.077Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/300e277e463e6326938dd55ea560eafa0f5c88a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/509ba8746f812e45a05034ba18b73db574693d11"
        },
        {
          "url": "https://git.kernel.org/stable/c/5727343348f34e11a7c5a2a944d5aa505731d876"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5a75207efae4b558aaa34c288de7d6f2e926b4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d194d951895df214e066d08146e77cb6e02c1d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/16cf8511680809a9f20b3dd224c06d482648f9e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bee35e5389f450a7eea7318deb9073e9414d3b1"
        }
      ],
      "title": "um: ubd: Do not use drvdata in release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53184",
    "datePublished": "2024-12-27T13:49:27.184Z",
    "dateReserved": "2024-11-19T17:17:25.010Z",
    "dateUpdated": "2026-01-05T10:55:48.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57890 (GCVE-0-2024-57890)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:05 – Updated: 2025-11-03 20:55

Title

RDMA/uverbs: Prevent integer overflow issue

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two things. First, I've re-arranged the condition in uverbs_request_next_ptr() so that the use controlled variable "len" is on one side of the comparison by itself without any math. Then I've modified all the callers to use size_mul() for the multiplications.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c57721b24bd897338…
	https://git.kernel.org/stable/c/42a6eb4ed7a9a41ba…
	https://git.kernel.org/stable/c/c2f961c46ea0e5274…
	https://git.kernel.org/stable/c/346db03e9926ab711…
	https://git.kernel.org/stable/c/b92667f755749cf10…
	https://git.kernel.org/stable/c/b3ef4ae7133605011…
	https://git.kernel.org/stable/c/d0257e089d1bbd35c…

Impacted products

Vendor

Product

Version

Linux

Affected: 67cdb40ca444c09853ab4d8a41cf547ac26a4de4 , < c57721b24bd897338a81a0ca5fff41600f0f1ad1 (git)
Affected: 67cdb40ca444c09853ab4d8a41cf547ac26a4de4 , < 42a6eb4ed7a9a41ba0b83eb0c7e0225b5fca5608 (git)
Affected: 67cdb40ca444c09853ab4d8a41cf547ac26a4de4 , < c2f961c46ea0e5274c5c320d007c2dd949cf627a (git)
Affected: 67cdb40ca444c09853ab4d8a41cf547ac26a4de4 , < 346db03e9926ab7117ed9bf19665699c037c773c (git)
Affected: 67cdb40ca444c09853ab4d8a41cf547ac26a4de4 , < b92667f755749cf10d9ef1088865c555ae83ffb7 (git)
Affected: 67cdb40ca444c09853ab4d8a41cf547ac26a4de4 , < b3ef4ae713360501182695dd47d6b4f6e1a43eb8 (git)
Affected: 67cdb40ca444c09853ab4d8a41cf547ac26a4de4 , < d0257e089d1bbd35c69b6c97ff73e3690ab149a9 (git)

Linux

Affected: 2.6.15
Unaffected: 0 , < 2.6.15 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:54:43.293040Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:19.385Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:02.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/uverbs_cmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c57721b24bd897338a81a0ca5fff41600f0f1ad1",
              "status": "affected",
              "version": "67cdb40ca444c09853ab4d8a41cf547ac26a4de4",
              "versionType": "git"
            },
            {
              "lessThan": "42a6eb4ed7a9a41ba0b83eb0c7e0225b5fca5608",
              "status": "affected",
              "version": "67cdb40ca444c09853ab4d8a41cf547ac26a4de4",
              "versionType": "git"
            },
            {
              "lessThan": "c2f961c46ea0e5274c5c320d007c2dd949cf627a",
              "status": "affected",
              "version": "67cdb40ca444c09853ab4d8a41cf547ac26a4de4",
              "versionType": "git"
            },
            {
              "lessThan": "346db03e9926ab7117ed9bf19665699c037c773c",
              "status": "affected",
              "version": "67cdb40ca444c09853ab4d8a41cf547ac26a4de4",
              "versionType": "git"
            },
            {
              "lessThan": "b92667f755749cf10d9ef1088865c555ae83ffb7",
              "status": "affected",
              "version": "67cdb40ca444c09853ab4d8a41cf547ac26a4de4",
              "versionType": "git"
            },
            {
              "lessThan": "b3ef4ae713360501182695dd47d6b4f6e1a43eb8",
              "status": "affected",
              "version": "67cdb40ca444c09853ab4d8a41cf547ac26a4de4",
              "versionType": "git"
            },
            {
              "lessThan": "d0257e089d1bbd35c69b6c97ff73e3690ab149a9",
              "status": "affected",
              "version": "67cdb40ca444c09853ab4d8a41cf547ac26a4de4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/uverbs_cmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.15"
            },
            {
              "lessThan": "2.6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/uverbs: Prevent integer overflow issue\n\nIn the expression \"cmd.wqe_size * cmd.wr_count\", both variables are u32\nvalues that come from the user so the multiplication can lead to integer\nwrapping.  Then we pass the result to uverbs_request_next_ptr() which also\ncould potentially wrap.  The \"cmd.sge_count * sizeof(struct ib_uverbs_sge)\"\nmultiplication can also overflow on 32bit systems although it\u0027s fine on\n64bit systems.\n\nThis patch does two things.  First, I\u0027ve re-arranged the condition in\nuverbs_request_next_ptr() so that the use controlled variable \"len\" is on\none side of the comparison by itself without any math.  Then I\u0027ve modified\nall the callers to use size_mul() for the multiplications."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:05:59.389Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c57721b24bd897338a81a0ca5fff41600f0f1ad1"
        },
        {
          "url": "https://git.kernel.org/stable/c/42a6eb4ed7a9a41ba0b83eb0c7e0225b5fca5608"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2f961c46ea0e5274c5c320d007c2dd949cf627a"
        },
        {
          "url": "https://git.kernel.org/stable/c/346db03e9926ab7117ed9bf19665699c037c773c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b92667f755749cf10d9ef1088865c555ae83ffb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3ef4ae713360501182695dd47d6b4f6e1a43eb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0257e089d1bbd35c69b6c97ff73e3690ab149a9"
        }
      ],
      "title": "RDMA/uverbs: Prevent integer overflow issue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57890",
    "datePublished": "2025-01-15T13:05:42.690Z",
    "dateReserved": "2025-01-11T14:45:42.027Z",
    "dateUpdated": "2025-11-03T20:55:02.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35973 (GCVE-0-2024-35973)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 12:56

Title

geneve: fix header validation in geneve[6]_xmit_skb

Summary

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true), pskb_inet_may_pull() is only using skb->protocol. If anything else than ETH_P_IPV6 or ETH_P_IP is found in skb->protocol, pskb_inet_may_pull() does nothing at all. If a vlan tag was provided by the caller (af_packet in the syzbot case), the network header might not point to the correct location, and skb linear part could be smaller than expected. Add skb_vlan_inet_prepare() to perform a complete mac validation. Use this in geneve for the moment, I suspect we need to adopt this more broadly. v4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest - Only call __vlan_get_protocol() for vlan types. v2,v3 - Addressed Sabrina comments on v1 and v2 [1] BUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline] BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 geneve_xmit_skb drivers/net/geneve.c:910 [inline] geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547 __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1318 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 packet_alloc_skb net/packet/af_packet.c:2930 [inline] packet_snd net/packet/af_packet.c:3024 [inline] packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/43be590456e1f3566…
	https://git.kernel.org/stable/c/d3adf11d7993518a3…
	https://git.kernel.org/stable/c/10204df9beda4978b…
	https://git.kernel.org/stable/c/3c1ae6de74e3d2d63…
	https://git.kernel.org/stable/c/4a1b65d1e55d53b39…
	https://git.kernel.org/stable/c/190d9efa5773f26d6…
	https://git.kernel.org/stable/c/357163fff3a6e48fe…
	https://git.kernel.org/stable/c/d8a6213d70accb403…

Impacted products

Vendor

Product

Version

Linux

Affected: 35385daa8db320d2d9664930c28e732578b0d7de , < 43be590456e1f3566054ce78ae2dbb68cbe1a536 (git)
Affected: 6f92124d74419797fadfbcd5b7a72c384a6413ad , < d3adf11d7993518a39bd02b383cfe657ccc0023c (git)
Affected: 71ad9260c001b217d704cda88ecea251b2d367da , < 10204df9beda4978bd1d0c2db0d8375bfb03b915 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 3c1ae6de74e3d2d6333d29a2d3e13e6094596c79 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 4a1b65d1e55d53b397cb27014208be1e04172670 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 190d9efa5773f26d6f334b1b8be282c4fa13fd5e (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 357163fff3a6e48fe74745425a32071ec9caf852 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < d8a6213d70accb403b82924a1c229e733433a5ef (git)
Affected: 9a51e36ebf433adf59c051bec33f5aa54640bb4d (git)
Affected: 21815f28af8081b258552c111774ff320cf38d38 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:16:33.435108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:56:09.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/geneve.c",
            "include/net/ip_tunnels.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "43be590456e1f3566054ce78ae2dbb68cbe1a536",
              "status": "affected",
              "version": "35385daa8db320d2d9664930c28e732578b0d7de",
              "versionType": "git"
            },
            {
              "lessThan": "d3adf11d7993518a39bd02b383cfe657ccc0023c",
              "status": "affected",
              "version": "6f92124d74419797fadfbcd5b7a72c384a6413ad",
              "versionType": "git"
            },
            {
              "lessThan": "10204df9beda4978bd1d0c2db0d8375bfb03b915",
              "status": "affected",
              "version": "71ad9260c001b217d704cda88ecea251b2d367da",
              "versionType": "git"
            },
            {
              "lessThan": "3c1ae6de74e3d2d6333d29a2d3e13e6094596c79",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "4a1b65d1e55d53b397cb27014208be1e04172670",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "190d9efa5773f26d6f334b1b8be282c4fa13fd5e",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "357163fff3a6e48fe74745425a32071ec9caf852",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "d8a6213d70accb403b82924a1c229e733433a5ef",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "9a51e36ebf433adf59c051bec33f5aa54640bb4d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "21815f28af8081b258552c111774ff320cf38d38",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/geneve.c",
            "include/net/ip_tunnels.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.19.191",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.4.119",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.10.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: fix header validation in geneve[6]_xmit_skb\n\nsyzbot is able to trigger an uninit-value in geneve_xmit() [1]\n\nProblem : While most ip tunnel helpers (like ip_tunnel_get_dsfield())\nuses skb_protocol(skb, true), pskb_inet_may_pull() is only using\nskb-\u003eprotocol.\n\nIf anything else than ETH_P_IPV6 or ETH_P_IP is found in skb-\u003eprotocol,\npskb_inet_may_pull() does nothing at all.\n\nIf a vlan tag was provided by the caller (af_packet in the syzbot case),\nthe network header might not point to the correct location, and skb\nlinear part could be smaller than expected.\n\nAdd skb_vlan_inet_prepare() to perform a complete mac validation.\n\nUse this in geneve for the moment, I suspect we need to adopt this\nmore broadly.\n\nv4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest\n   - Only call __vlan_get_protocol() for vlan types.\n\nv2,v3 - Addressed Sabrina comments on v1 and v2\n\n[1]\n\nBUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline]\n BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030\n  geneve_xmit_skb drivers/net/geneve.c:910 [inline]\n  geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030\n  __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n  xmit_one net/core/dev.c:3531 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n  __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335\n  dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3081 [inline]\n  packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2191\n  __do_sys_sendto net/socket.c:2203 [inline]\n  __se_sys_sendto net/socket.c:2199 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3804 [inline]\n  slab_alloc_node mm/slub.c:3845 [inline]\n  kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n  __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n  alloc_skb include/linux/skbuff.h:1318 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n  packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n  packet_snd net/packet/af_packet.c:3024 [inline]\n  packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2191\n  __do_sys_sendto net/socket.c:2203 [inline]\n  __se_sys_sendto net/socket.c:2199 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:09.345Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c"
        },
        {
          "url": "https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670"
        },
        {
          "url": "https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef"
        }
      ],
      "title": "geneve: fix header validation in geneve[6]_xmit_skb",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35973",
    "datePublished": "2024-05-20T09:42:00.475Z",
    "dateReserved": "2024-05-17T13:50:33.142Z",
    "dateUpdated": "2025-05-04T12:56:09.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56670 (GCVE-0-2024-56670)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:06 – Updated: 2025-11-03 20:52

Title

usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function,The port->port_usb pointer will be set to NULL. E.g. Thread A Thread B gs_open() gadget_unbind_driver() gs_start_io() composite_disconnect() gs_start_rx() gserial_disconnect() ... ... spin_unlock(&port->port_lock) status = usb_ep_queue() spin_lock(&port->port_lock) spin_lock(&port->port_lock) port->port_usb = NULL gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) Crash This causes thread A to access a null pointer (port->port_usb is null) when calling the gs_free_requests function, causing a crash. If port_usb is NULL, the release request will be skipped as it will be done by gserial_disconnect. So add a null pointer check to gs_start_io before attempting to access the value of the pointer port->port_usb. Call trace: gs_start_io+0x164/0x25c gs_open+0x108/0x13c tty_open+0x314/0x638 chrdev_open+0x1b8/0x258 do_dentry_open+0x2c4/0x700 vfs_open+0x2c/0x3c path_openat+0xa64/0xc60 do_filp_open+0xb8/0x164 do_sys_openat2+0x84/0xf0 __arm64_sys_openat+0x70/0x9c invoke_syscall+0x58/0x114 el0_svc_common+0x80/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x38/0x68

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4efdfdc32d8d6307f…
	https://git.kernel.org/stable/c/28b3c03a6790de1f6…
	https://git.kernel.org/stable/c/1247e1df086aa6c17…
	https://git.kernel.org/stable/c/c83213b6649d22656…
	https://git.kernel.org/stable/c/8ca07a3d18f39b166…
	https://git.kernel.org/stable/c/dd6b0ca6025f64ccb…
	https://git.kernel.org/stable/c/4cfbca86f6a8b801f…

Impacted products

Vendor

Product

Version

Linux

Affected: c1dca562be8ada614ef193aa246c6f8705bcd6b9 , < 4efdfdc32d8d6307f968cd99f1db64468471bab1 (git)
Affected: c1dca562be8ada614ef193aa246c6f8705bcd6b9 , < 28b3c03a6790de1f6f2683919ad657840f0f0f58 (git)
Affected: c1dca562be8ada614ef193aa246c6f8705bcd6b9 , < 1247e1df086aa6c17ab53cd1bedce70dd7132765 (git)
Affected: c1dca562be8ada614ef193aa246c6f8705bcd6b9 , < c83213b6649d22656b3a4e92544ceeea8a2c6c07 (git)
Affected: c1dca562be8ada614ef193aa246c6f8705bcd6b9 , < 8ca07a3d18f39b1669927ef536e485787e856df6 (git)
Affected: c1dca562be8ada614ef193aa246c6f8705bcd6b9 , < dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44 (git)
Affected: c1dca562be8ada614ef193aa246c6f8705bcd6b9 , < 4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 5.4.288 , ≤ 5.4.* (semver)
Unaffected: 5.10.232 , ≤ 5.10.* (semver)
Unaffected: 5.15.175 , ≤ 5.15.* (semver)
Unaffected: 6.1.121 , ≤ 6.1.* (semver)
Unaffected: 6.6.67 , ≤ 6.6.* (semver)
Unaffected: 6.12.6 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56670",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:59:37.791870Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:09.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:17.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/u_serial.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4efdfdc32d8d6307f968cd99f1db64468471bab1",
              "status": "affected",
              "version": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
              "versionType": "git"
            },
            {
              "lessThan": "28b3c03a6790de1f6f2683919ad657840f0f0f58",
              "status": "affected",
              "version": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
              "versionType": "git"
            },
            {
              "lessThan": "1247e1df086aa6c17ab53cd1bedce70dd7132765",
              "status": "affected",
              "version": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
              "versionType": "git"
            },
            {
              "lessThan": "c83213b6649d22656b3a4e92544ceeea8a2c6c07",
              "status": "affected",
              "version": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
              "versionType": "git"
            },
            {
              "lessThan": "8ca07a3d18f39b1669927ef536e485787e856df6",
              "status": "affected",
              "version": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
              "versionType": "git"
            },
            {
              "lessThan": "dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44",
              "status": "affected",
              "version": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
              "versionType": "git"
            },
            {
              "lessThan": "4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b",
              "status": "affected",
              "version": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/u_serial.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.288",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.288",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.232",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.175",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.121",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.67",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.6",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer\n\nConsidering that in some extreme cases,\nwhen u_serial driver is accessed by multiple threads,\nThread A is executing the open operation and calling the gs_open,\nThread B is executing the disconnect operation and calling the\ngserial_disconnect function,The port-\u003eport_usb pointer will be set to NULL.\n\nE.g.\n    Thread A                                 Thread B\n    gs_open()                                gadget_unbind_driver()\n    gs_start_io()                            composite_disconnect()\n    gs_start_rx()                            gserial_disconnect()\n    ...                                      ...\n    spin_unlock(\u0026port-\u003eport_lock)\n    status = usb_ep_queue()                  spin_lock(\u0026port-\u003eport_lock)\n    spin_lock(\u0026port-\u003eport_lock)              port-\u003eport_usb = NULL\n    gs_free_requests(port-\u003eport_usb-\u003ein)     spin_unlock(\u0026port-\u003eport_lock)\n    Crash\n\nThis causes thread A to access a null pointer (port-\u003eport_usb is null)\nwhen calling the gs_free_requests function, causing a crash.\n\nIf port_usb is NULL, the release request will be skipped as it\nwill be done by gserial_disconnect.\n\nSo add a null pointer check to gs_start_io before attempting\nto access the value of the pointer port-\u003eport_usb.\n\nCall trace:\n gs_start_io+0x164/0x25c\n gs_open+0x108/0x13c\n tty_open+0x314/0x638\n chrdev_open+0x1b8/0x258\n do_dentry_open+0x2c4/0x700\n vfs_open+0x2c/0x3c\n path_openat+0xa64/0xc60\n do_filp_open+0xb8/0x164\n do_sys_openat2+0x84/0xf0\n __arm64_sys_openat+0x70/0x9c\n invoke_syscall+0x58/0x114\n el0_svc_common+0x80/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x38/0x68"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:01:40.207Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4efdfdc32d8d6307f968cd99f1db64468471bab1"
        },
        {
          "url": "https://git.kernel.org/stable/c/28b3c03a6790de1f6f2683919ad657840f0f0f58"
        },
        {
          "url": "https://git.kernel.org/stable/c/1247e1df086aa6c17ab53cd1bedce70dd7132765"
        },
        {
          "url": "https://git.kernel.org/stable/c/c83213b6649d22656b3a4e92544ceeea8a2c6c07"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ca07a3d18f39b1669927ef536e485787e856df6"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44"
        },
        {
          "url": "https://git.kernel.org/stable/c/4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b"
        }
      ],
      "title": "usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56670",
    "datePublished": "2024-12-27T15:06:31.611Z",
    "dateReserved": "2024-12-27T15:00:39.844Z",
    "dateUpdated": "2025-11-03T20:52:17.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56777 (GCVE-0-2024-56777)

Vulnerability from cvelistv5 – Published: 2025-01-08 17:49 – Updated: 2025-11-03 20:54

Title

drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f5804567cf9605d6e…
	https://git.kernel.org/stable/c/b79612ed6bc1a184c…
	https://git.kernel.org/stable/c/997b64c3f4c1827c5…
	https://git.kernel.org/stable/c/3cf2e7c448e246f7e…
	https://git.kernel.org/stable/c/e965e771b069421c2…

Impacted products

Vendor

Product

Version

Linux

Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < f5804567cf9605d6e5ec46c0bb786f7d50f18c13 (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < b79612ed6bc1a184c45427105c851b5b2d4342ca (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 997b64c3f4c1827c5cfda8ae7f5d13f78d28b541 (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 3cf2e7c448e246f7e700c7aa47450d1e27579559 (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < e965e771b069421c233d674c3c8cd8c7f7245f42 (git)

Linux

Affected: 4.6
Unaffected: 0 , < 4.6 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:56:35.251436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:24.441Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:12.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/sti/sti_gdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f5804567cf9605d6e5ec46c0bb786f7d50f18c13",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "b79612ed6bc1a184c45427105c851b5b2d4342ca",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "997b64c3f4c1827c5cfda8ae7f5d13f78d28b541",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "3cf2e7c448e246f7e700c7aa47450d1e27579559",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "e965e771b069421c233d674c3c8cd8c7f7245f42",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/sti/sti_gdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check\n\nThe return value of drm_atomic_get_crtc_state() needs to be\nchecked. To avoid use of error pointer \u0027crtc_state\u0027 in case\nof the failure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:04:29.866Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f5804567cf9605d6e5ec46c0bb786f7d50f18c13"
        },
        {
          "url": "https://git.kernel.org/stable/c/b79612ed6bc1a184c45427105c851b5b2d4342ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/997b64c3f4c1827c5cfda8ae7f5d13f78d28b541"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cf2e7c448e246f7e700c7aa47450d1e27579559"
        },
        {
          "url": "https://git.kernel.org/stable/c/e965e771b069421c233d674c3c8cd8c7f7245f42"
        }
      ],
      "title": "drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56777",
    "datePublished": "2025-01-08T17:49:15.483Z",
    "dateReserved": "2024-12-29T11:26:39.766Z",
    "dateUpdated": "2025-11-03T20:54:12.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56640 (GCVE-0-2024-56640)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

net/smc: fix LGR and link use-after-free issue

Summary

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140 Workqueue: events smc_lgr_terminate_work [smc] Call trace: refcount_warn_saturate+0x9c/0x140 __smc_lgr_terminate.part.45+0x2a8/0x370 [smc] smc_lgr_terminate_work+0x28/0x30 [smc] process_one_work+0x1b8/0x420 worker_thread+0x158/0x510 kthread+0x114/0x118 or refcount_t: underflow; use-after-free. WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140 Workqueue: smc_hs_wq smc_listen_work [smc] Call trace: refcount_warn_saturate+0xf0/0x140 smcr_link_put+0x1cc/0x1d8 [smc] smc_conn_free+0x110/0x1b0 [smc] smc_conn_abort+0x50/0x60 [smc] smc_listen_find_device+0x75c/0x790 [smc] smc_listen_work+0x368/0x8a0 [smc] process_one_work+0x1b8/0x420 worker_thread+0x158/0x510 kthread+0x114/0x118 It is caused by repeated release of LGR/link refcnt. One suspect is that smc_conn_free() is called repeatedly because some smc_conn_free() from server listening path are not protected by sock lock. e.g. Calls under socklock | smc_listen_work ------------------------------------------------------- lock_sock(sk) | smc_conn_abort smc_conn_free | \- smc_conn_free \- smcr_link_put | \- smcr_link_put (duplicated) release_sock(sk) So here add sock lock protection in smc_listen_work() path, making it exclusive with other connection operations.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f502a88fdd415647a…
	https://git.kernel.org/stable/c/0cf598548a6c36d90…
	https://git.kernel.org/stable/c/673d606683ac70bc0…
	https://git.kernel.org/stable/c/6f0ae06a234a78ae1…
	https://git.kernel.org/stable/c/2c7f14ed9c19ec0f1…

Impacted products

Vendor

Product

Version

Linux

Affected: 3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8 , < f502a88fdd415647a1f2dc45fac71b9c522a052b (git)
Affected: 3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8 , < 0cf598548a6c36d90681d53c6b77d52363f2f295 (git)
Affected: 3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8 , < 673d606683ac70bc074ca6676b938bff18635226 (git)
Affected: 3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8 , < 6f0ae06a234a78ae137064f2c89135ac078a00eb (git)
Affected: 3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8 , < 2c7f14ed9c19ec0f149479d1c2842ec1f9bf76d7 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56640",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:41:51.231757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:22.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:40.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/smc/af_smc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f502a88fdd415647a1f2dc45fac71b9c522a052b",
              "status": "affected",
              "version": "3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8",
              "versionType": "git"
            },
            {
              "lessThan": "0cf598548a6c36d90681d53c6b77d52363f2f295",
              "status": "affected",
              "version": "3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8",
              "versionType": "git"
            },
            {
              "lessThan": "673d606683ac70bc074ca6676b938bff18635226",
              "status": "affected",
              "version": "3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8",
              "versionType": "git"
            },
            {
              "lessThan": "6f0ae06a234a78ae137064f2c89135ac078a00eb",
              "status": "affected",
              "version": "3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8",
              "versionType": "git"
            },
            {
              "lessThan": "2c7f14ed9c19ec0f149479d1c2842ec1f9bf76d7",
              "status": "affected",
              "version": "3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/smc/af_smc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n  refcount_warn_saturate+0x9c/0x140\n  __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n  smc_lgr_terminate_work+0x28/0x30 [smc]\n  process_one_work+0x1b8/0x420\n  worker_thread+0x158/0x510\n  kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n  refcount_warn_saturate+0xf0/0x140\n  smcr_link_put+0x1cc/0x1d8 [smc]\n  smc_conn_free+0x110/0x1b0 [smc]\n  smc_conn_abort+0x50/0x60 [smc]\n  smc_listen_find_device+0x75c/0x790 [smc]\n  smc_listen_work+0x368/0x8a0 [smc]\n  process_one_work+0x1b8/0x420\n  worker_thread+0x158/0x510\n  kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock        | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk)               | smc_conn_abort\nsmc_conn_free               | \\- smc_conn_free\n\\- smcr_link_put            |    \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:47.260Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f502a88fdd415647a1f2dc45fac71b9c522a052b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0cf598548a6c36d90681d53c6b77d52363f2f295"
        },
        {
          "url": "https://git.kernel.org/stable/c/673d606683ac70bc074ca6676b938bff18635226"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f0ae06a234a78ae137064f2c89135ac078a00eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c7f14ed9c19ec0f149479d1c2842ec1f9bf76d7"
        }
      ],
      "title": "net/smc: fix LGR and link use-after-free issue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56640",
    "datePublished": "2024-12-27T15:02:42.253Z",
    "dateReserved": "2024-12-27T15:00:39.839Z",
    "dateUpdated": "2025-11-03T20:51:40.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52332 (GCVE-0-2024-52332)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2025-11-03 20:45

Title

igb: Fix potential invalid memory access in igb_init_module()

Summary

In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4458046617dfadc35…
	https://git.kernel.org/stable/c/e0155b1b1509d0ef4…
	https://git.kernel.org/stable/c/4fe517643f529e805…
	https://git.kernel.org/stable/c/8009cdcc493fa30d4…
	https://git.kernel.org/stable/c/f309733a8c9da7d42…
	https://git.kernel.org/stable/c/992fd34122de377b4…
	https://git.kernel.org/stable/c/0566f83d206c7a864…

Impacted products

Vendor

Product

Version

Linux

Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 4458046617dfadc351162dbaea1945c57eebdf36 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < e0155b1b1509d0ef4799bd1cd73309ca466df3f3 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 4fe517643f529e805bb6b890a4331c100e8f2484 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 8009cdcc493fa30d4572016daf2d6999da4d6c54 (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < f309733a8c9da7d4266a8a3755020b738a570cae (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 992fd34122de377b45cb75b64fc7f17fc1e6ed2f (git)
Affected: bbd98fe48a43464b4a044bc4cbeefad284d6aa80 , < 0566f83d206c7a864abcd741fe39d6e0ae5eef29 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:45:31.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4458046617dfadc351162dbaea1945c57eebdf36",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "e0155b1b1509d0ef4799bd1cd73309ca466df3f3",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "4fe517643f529e805bb6b890a4331c100e8f2484",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "8009cdcc493fa30d4572016daf2d6999da4d6c54",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "f309733a8c9da7d4266a8a3755020b738a570cae",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "992fd34122de377b45cb75b64fc7f17fc1e6ed2f",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            },
            {
              "lessThan": "0566f83d206c7a864abcd741fe39d6e0ae5eef29",
              "status": "affected",
              "version": "bbd98fe48a43464b4a044bc4cbeefad284d6aa80",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix potential invalid memory access in igb_init_module()\n\nThe pci_register_driver() can fail and when this happened, the dca_notifier\nneeds to be unregistered, otherwise the dca_notifier can be called when\nigb fails to install, resulting to invalid memory access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:51:22.265Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4458046617dfadc351162dbaea1945c57eebdf36"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0155b1b1509d0ef4799bd1cd73309ca466df3f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fe517643f529e805bb6b890a4331c100e8f2484"
        },
        {
          "url": "https://git.kernel.org/stable/c/8009cdcc493fa30d4572016daf2d6999da4d6c54"
        },
        {
          "url": "https://git.kernel.org/stable/c/f309733a8c9da7d4266a8a3755020b738a570cae"
        },
        {
          "url": "https://git.kernel.org/stable/c/992fd34122de377b45cb75b64fc7f17fc1e6ed2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0566f83d206c7a864abcd741fe39d6e0ae5eef29"
        }
      ],
      "title": "igb: Fix potential invalid memory access in igb_init_module()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-52332",
    "datePublished": "2025-01-11T12:25:21.014Z",
    "dateReserved": "2025-01-09T09:50:31.799Z",
    "dateUpdated": "2025-11-03T20:45:31.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56595 (GCVE-0-2024-56595)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2026-01-05 10:55

Title

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-129 - Improper Validation of Array Index

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b15000bcbecf27e0f…
	https://git.kernel.org/stable/c/368a533152220b0a6…
	https://git.kernel.org/stable/c/a3d408870bc19b794…
	https://git.kernel.org/stable/c/491487eeddccc4bb4…
	https://git.kernel.org/stable/c/3b5d21b56c3774bc8…
	https://git.kernel.org/stable/c/8a4311bbde702362f…
	https://git.kernel.org/stable/c/a174706ba4dad895c…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b15000bcbecf27e0f7c0f149a409e5b865e28ca2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 368a533152220b0a6f1142327d96c6b6361f3002 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a3d408870bc19b794646871bc4c3a5daa66f91c5 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 491487eeddccc4bb49f2e59d8c8f35bec89c15ca (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3b5d21b56c3774bc84eab0a93aaac22a4475e2c4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8a4311bbde702362fe7412045d06ab6767235dac (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a174706ba4dad895c40b1d2277bade16dfacdcd9 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56595",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:01:35.642931Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-129",
                "description": "CWE-129 Improper Validation of Array Index",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:14.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:23.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b15000bcbecf27e0f7c0f149a409e5b865e28ca2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "368a533152220b0a6f1142327d96c6b6361f3002",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a3d408870bc19b794646871bc4c3a5daa66f91c5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "491487eeddccc4bb49f2e59d8c8f35bec89c15ca",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3b5d21b56c3774bc84eab0a93aaac22a4475e2c4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8a4311bbde702362fe7412045d06ab6767235dac",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a174706ba4dad895c40b1d2277bade16dfacdcd9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add a check to prevent array-index-out-of-bounds in dbAdjTree\n\nWhen the value of lp is 0 at the beginning of the for loop, it will\nbecome negative in the next assignment and we should bail out."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:57.569Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b15000bcbecf27e0f7c0f149a409e5b865e28ca2"
        },
        {
          "url": "https://git.kernel.org/stable/c/368a533152220b0a6f1142327d96c6b6361f3002"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3d408870bc19b794646871bc4c3a5daa66f91c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/491487eeddccc4bb49f2e59d8c8f35bec89c15ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b5d21b56c3774bc84eab0a93aaac22a4475e2c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a4311bbde702362fe7412045d06ab6767235dac"
        },
        {
          "url": "https://git.kernel.org/stable/c/a174706ba4dad895c40b1d2277bade16dfacdcd9"
        }
      ],
      "title": "jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56595",
    "datePublished": "2024-12-27T14:51:02.371Z",
    "dateReserved": "2024-12-27T14:03:06.010Z",
    "dateUpdated": "2026-01-05T10:55:57.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21687 (GCVE-0-2025-21687)

Vulnerability from cvelistv5 – Published: 2025-02-10 15:58 – Updated: 2025-11-03 20:59

Title

vfio/platform: check the bounds of read/write syscalls

Summary

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f21636f24b6786c8b…
	https://git.kernel.org/stable/c/9377cdc118cf32724…
	https://git.kernel.org/stable/c/d19a8650fd3d7aed8…
	https://git.kernel.org/stable/c/ed81d82bb6e9df3a1…
	https://git.kernel.org/stable/c/92340e6c5122d823a…
	https://git.kernel.org/stable/c/f65ce06387f8c1fb5…
	https://git.kernel.org/stable/c/6bcb8a5b70b80143d…
	https://git.kernel.org/stable/c/1485932496a1b0252…
	https://git.kernel.org/stable/c/c981c32c38af80737…
	https://git.kernel.org/stable/c/a20fcaa230f747245…
	https://git.kernel.org/stable/c/665cfd1083866f873…
	https://git.kernel.org/stable/c/ce9ff21ea89d191e4…

Impacted products

Vendor

Product

Version

Linux

Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < f21636f24b6786c8b13f1af4319fa75ffcf17f38 (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < 9377cdc118cf327248f1a9dde7b87de067681dc9 (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < d19a8650fd3d7aed8d1af1d9a77f979a8430eba1 (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < ed81d82bb6e9df3a137f2c343ed689e6c68268ef (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < 92340e6c5122d823ad064984ef7513eba9204048 (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < f65ce06387f8c1fb54bd59e18a8428248ec68eaf (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < 6bcb8a5b70b80143db9bf12dfa7d53636f824d53 (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < 1485932496a1b025235af8aa1e21988d6b7ccd54 (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < c981c32c38af80737a2fedc16e270546d139ccdd (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < a20fcaa230f7472456d12cf761ed13938e320ac3 (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < 665cfd1083866f87301bbd232cb8ba48dcf4acce (git)
Affected: 6e3f264560099869f68830cb14b3b3e71e5ac76a , < ce9ff21ea89d191e477a02ad7eabf4f996b80a69 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.4.291 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.10.235 , ≤ 5.10.* (semver)
Unaffected: 5.15.178 , ≤ 5.15.* (semver)
Unaffected: 5.15.179 , ≤ 5.15.* (semver)
Unaffected: 6.1.128 , ≤ 6.1.* (semver)
Unaffected: 6.1.129 , ≤ 6.1.* (semver)
Unaffected: 6.6.75 , ≤ 6.6.* (semver)
Unaffected: 6.12.12 , ≤ 6.12.* (semver)
Unaffected: 6.13.1 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:59:05.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/platform/vfio_platform_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f21636f24b6786c8b13f1af4319fa75ffcf17f38",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "9377cdc118cf327248f1a9dde7b87de067681dc9",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "d19a8650fd3d7aed8d1af1d9a77f979a8430eba1",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "ed81d82bb6e9df3a137f2c343ed689e6c68268ef",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "92340e6c5122d823ad064984ef7513eba9204048",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "f65ce06387f8c1fb54bd59e18a8428248ec68eaf",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "6bcb8a5b70b80143db9bf12dfa7d53636f824d53",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "1485932496a1b025235af8aa1e21988d6b7ccd54",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "c981c32c38af80737a2fedc16e270546d139ccdd",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "a20fcaa230f7472456d12cf761ed13938e320ac3",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "665cfd1083866f87301bbd232cb8ba48dcf4acce",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            },
            {
              "lessThan": "ce9ff21ea89d191e477a02ad7eabf4f996b80a69",
              "status": "affected",
              "version": "6e3f264560099869f68830cb14b3b3e71e5ac76a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/platform/vfio_platform_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.178",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.128",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.75",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.12",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.1",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:19:03.532Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f21636f24b6786c8b13f1af4319fa75ffcf17f38"
        },
        {
          "url": "https://git.kernel.org/stable/c/9377cdc118cf327248f1a9dde7b87de067681dc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/d19a8650fd3d7aed8d1af1d9a77f979a8430eba1"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed81d82bb6e9df3a137f2c343ed689e6c68268ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/92340e6c5122d823ad064984ef7513eba9204048"
        },
        {
          "url": "https://git.kernel.org/stable/c/f65ce06387f8c1fb54bd59e18a8428248ec68eaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/6bcb8a5b70b80143db9bf12dfa7d53636f824d53"
        },
        {
          "url": "https://git.kernel.org/stable/c/1485932496a1b025235af8aa1e21988d6b7ccd54"
        },
        {
          "url": "https://git.kernel.org/stable/c/c981c32c38af80737a2fedc16e270546d139ccdd"
        },
        {
          "url": "https://git.kernel.org/stable/c/a20fcaa230f7472456d12cf761ed13938e320ac3"
        },
        {
          "url": "https://git.kernel.org/stable/c/665cfd1083866f87301bbd232cb8ba48dcf4acce"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce9ff21ea89d191e477a02ad7eabf4f996b80a69"
        }
      ],
      "title": "vfio/platform: check the bounds of read/write syscalls",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21687",
    "datePublished": "2025-02-10T15:58:43.944Z",
    "dateReserved": "2024-12-29T08:45:45.741Z",
    "dateUpdated": "2025-11-03T20:59:05.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53156 (GCVE-0-2024-53156)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:28 – Updated: 2025-11-03 20:46

Title

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_work_func Call Trace: <TASK> dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0 ... Since this bug has been confirmed to be caused by insufficient verification of conn_rsp_epid, I think it would be appropriate to add a range check for conn_rsp_epid to htc_connect_service() to prevent the bug from occurring.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-129 - Improper Validation of Array Index

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5f177fb9d01355ac1…
	https://git.kernel.org/stable/c/cb480ae80fd4d0f1a…
	https://git.kernel.org/stable/c/c941af142200d975d…
	https://git.kernel.org/stable/c/8965db7fe2e913ee0…
	https://git.kernel.org/stable/c/70eae50d2156cb6e0…
	https://git.kernel.org/stable/c/b6551479daf2bfa80…
	https://git.kernel.org/stable/c/3fe99b9690b99606d…
	https://git.kernel.org/stable/c/bc981179ab5d1a271…
	https://git.kernel.org/stable/c/8619593634cbdf5ab…

Impacted products

Vendor

Product

Version

Linux

Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 5f177fb9d01355ac183e65ad8909ea8ef734e0cf (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < cb480ae80fd4d0f1ac9e107ce799183beee5124b (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < c941af142200d975dd3be632aeb490f4cb91dae4 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 8965db7fe2e913ee0802b05fc94c6d6aa74e0596 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 70eae50d2156cb6e078d0d78809b49bf2f4c7540 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < b6551479daf2bfa80bfd5d9016b02a810e508bfb (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 3fe99b9690b99606d3743c9961ebee865cfa1ab8 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < bc981179ab5d1a2715f35e3db4e4bb822bacc849 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 8619593634cbdf5abf43f5714df49b04e4ef09ab (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:09:36.136027Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-129",
                "description": "CWE-129 Improper Validation of Array Index",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:08.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:44.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/htc_hst.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5f177fb9d01355ac183e65ad8909ea8ef734e0cf",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "cb480ae80fd4d0f1ac9e107ce799183beee5124b",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "c941af142200d975dd3be632aeb490f4cb91dae4",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "8965db7fe2e913ee0802b05fc94c6d6aa74e0596",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "70eae50d2156cb6e078d0d78809b49bf2f4c7540",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "b6551479daf2bfa80bfd5d9016b02a810e508bfb",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "3fe99b9690b99606d3743c9961ebee865cfa1ab8",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "bc981179ab5d1a2715f35e3db4e4bb822bacc849",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "8619593634cbdf5abf43f5714df49b04e4ef09ab",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/htc_hst.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()\n\nI found the following bug in my fuzzer:\n\n  UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51\n  index 255 is out of range for type \u0027htc_endpoint [22]\u0027\n  CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  Workqueue: events request_firmware_work_func\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x180/0x1b0\n   __ubsan_handle_out_of_bounds+0xd4/0x130\n   htc_issue_send.constprop.0+0x20c/0x230\n   ? _raw_spin_unlock_irqrestore+0x3c/0x70\n   ath9k_wmi_cmd+0x41d/0x610\n   ? mark_held_locks+0x9f/0xe0\n   ...\n\nSince this bug has been confirmed to be caused by insufficient verification\nof conn_rsp_epid, I think it would be appropriate to add a range check for\nconn_rsp_epid to htc_connect_service() to prevent the bug from occurring."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:28.709Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5f177fb9d01355ac183e65ad8909ea8ef734e0cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb480ae80fd4d0f1ac9e107ce799183beee5124b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c941af142200d975dd3be632aeb490f4cb91dae4"
        },
        {
          "url": "https://git.kernel.org/stable/c/8965db7fe2e913ee0802b05fc94c6d6aa74e0596"
        },
        {
          "url": "https://git.kernel.org/stable/c/70eae50d2156cb6e078d0d78809b49bf2f4c7540"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6551479daf2bfa80bfd5d9016b02a810e508bfb"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fe99b9690b99606d3743c9961ebee865cfa1ab8"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc981179ab5d1a2715f35e3db4e4bb822bacc849"
        },
        {
          "url": "https://git.kernel.org/stable/c/8619593634cbdf5abf43f5714df49b04e4ef09ab"
        }
      ],
      "title": "wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53156",
    "datePublished": "2024-12-24T11:28:55.275Z",
    "dateReserved": "2024-11-19T17:17:25.001Z",
    "dateUpdated": "2025-11-03T20:46:44.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56558 (GCVE-0-2024-56558)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:23 – Updated: 2025-11-03 20:49

Title

nfsd: make sure exp active before svc_export_show

Summary

In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 819 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 ... Call Trace: <TASK> e_show+0x20b/0x230 [nfsd] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e2fa0d0e327279a8d…
	https://git.kernel.org/stable/c/7fd29d284b55c2274…
	https://git.kernel.org/stable/c/6cefcadd34e3c71c8…
	https://git.kernel.org/stable/c/7d8f7816bebcd2e74…
	https://git.kernel.org/stable/c/1cecfdbc6bfc89c51…
	https://git.kernel.org/stable/c/7365d1f8de63cffdb…
	https://git.kernel.org/stable/c/be8f982c369c965fa…

Impacted products

Vendor

Product

Version

Linux

Affected: bf18f163e89c52e09c96534db45c4274273a0b34 , < e2fa0d0e327279a8defb87b263cd0bf288fd9261 (git)
Affected: bf18f163e89c52e09c96534db45c4274273a0b34 , < 7fd29d284b55c2274f7a748e6c5f25b4758b8da5 (git)
Affected: bf18f163e89c52e09c96534db45c4274273a0b34 , < 6cefcadd34e3c71c81ea64b899a0daa86314a51a (git)
Affected: bf18f163e89c52e09c96534db45c4274273a0b34 , < 7d8f7816bebcd2e7400bb4d786eccb8f33c9f9ec (git)
Affected: bf18f163e89c52e09c96534db45c4274273a0b34 , < 1cecfdbc6bfc89c516d286884c7f29267b95de2b (git)
Affected: bf18f163e89c52e09c96534db45c4274273a0b34 , < 7365d1f8de63cffdbbaa2287ce0205438e1a922f (git)
Affected: bf18f163e89c52e09c96534db45c4274273a0b34 , < be8f982c369c965faffa198b46060f8853e0f1f0 (git)

Linux

Affected: 3.17
Unaffected: 0 , < 3.17 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:42:49.247633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:24.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:29.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/export.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e2fa0d0e327279a8defb87b263cd0bf288fd9261",
              "status": "affected",
              "version": "bf18f163e89c52e09c96534db45c4274273a0b34",
              "versionType": "git"
            },
            {
              "lessThan": "7fd29d284b55c2274f7a748e6c5f25b4758b8da5",
              "status": "affected",
              "version": "bf18f163e89c52e09c96534db45c4274273a0b34",
              "versionType": "git"
            },
            {
              "lessThan": "6cefcadd34e3c71c81ea64b899a0daa86314a51a",
              "status": "affected",
              "version": "bf18f163e89c52e09c96534db45c4274273a0b34",
              "versionType": "git"
            },
            {
              "lessThan": "7d8f7816bebcd2e7400bb4d786eccb8f33c9f9ec",
              "status": "affected",
              "version": "bf18f163e89c52e09c96534db45c4274273a0b34",
              "versionType": "git"
            },
            {
              "lessThan": "1cecfdbc6bfc89c516d286884c7f29267b95de2b",
              "status": "affected",
              "version": "bf18f163e89c52e09c96534db45c4274273a0b34",
              "versionType": "git"
            },
            {
              "lessThan": "7365d1f8de63cffdbbaa2287ce0205438e1a922f",
              "status": "affected",
              "version": "bf18f163e89c52e09c96534db45c4274273a0b34",
              "versionType": "git"
            },
            {
              "lessThan": "be8f982c369c965faffa198b46060f8853e0f1f0",
              "status": "affected",
              "version": "bf18f163e89c52e09c96534db45c4274273a0b34",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/export.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: make sure exp active before svc_export_show\n\nThe function `e_show` was called with protection from RCU. This only\nensures that `exp` will not be freed. Therefore, the reference count for\n`exp` can drop to zero, which will trigger a refcount use-after-free\nwarning when `exp_get` is called. To resolve this issue, use\n`cache_get_rcu` to ensure that `exp` remains active.\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 819 at lib/refcount.c:25\nrefcount_warn_saturate+0xb1/0x120\nCPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb1/0x120\n...\nCall Trace:\n \u003cTASK\u003e\n e_show+0x20b/0x230 [nfsd]\n seq_read_iter+0x589/0x770\n seq_read+0x1e5/0x270\n vfs_read+0x125/0x530\n ksys_read+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:58:18.903Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e2fa0d0e327279a8defb87b263cd0bf288fd9261"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fd29d284b55c2274f7a748e6c5f25b4758b8da5"
        },
        {
          "url": "https://git.kernel.org/stable/c/6cefcadd34e3c71c81ea64b899a0daa86314a51a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d8f7816bebcd2e7400bb4d786eccb8f33c9f9ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cecfdbc6bfc89c516d286884c7f29267b95de2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7365d1f8de63cffdbbaa2287ce0205438e1a922f"
        },
        {
          "url": "https://git.kernel.org/stable/c/be8f982c369c965faffa198b46060f8853e0f1f0"
        }
      ],
      "title": "nfsd: make sure exp active before svc_export_show",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56558",
    "datePublished": "2024-12-27T14:23:03.902Z",
    "dateReserved": "2024-12-27T14:03:05.992Z",
    "dateUpdated": "2025-11-03T20:49:29.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56746 (GCVE-0-2024-56746)

Vulnerability from cvelistv5 – Published: 2024-12-29 11:30 – Updated: 2025-11-03 20:53

Title

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() When information such as info->screen_base is not ready, calling sh7760fb_free_mem() does not release memory correctly. Call dma_free_coherent() instead.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6…
	https://git.kernel.org/stable/c/d48cbfa90dce50603…
	https://git.kernel.org/stable/c/29216bb390e36daee…
	https://git.kernel.org/stable/c/f4fbd70e15fafe36a…
	https://git.kernel.org/stable/c/40f4326ed05a3b353…
	https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4…
	https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c…
	https://git.kernel.org/stable/c/bad37309c8b8bf1cf…
	https://git.kernel.org/stable/c/f89d17ae2ac42931b…

Impacted products

Vendor

Product

Version

Linux

Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < d48cbfa90dce506030151915fa3346d67f964af4 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 29216bb390e36daeebef66abaa02d9751330252b (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < f4fbd70e15fafe36a7583954ce189aaf5536aeec (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 40f4326ed05a3b3537556ff2a844958b9e779a98 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < 3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < bad37309c8b8bf1cfc893750df0951a804009ca0 (git)
Affected: 4a25e41831ee851c1365d8b41decc22493b18e6d , < f89d17ae2ac42931be2a0153fecbf8533280c927 (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T20:10:09.532798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T20:15:51.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:35.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/sh7760fb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "d48cbfa90dce506030151915fa3346d67f964af4",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "29216bb390e36daeebef66abaa02d9751330252b",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "f4fbd70e15fafe36a7583954ce189aaf5536aeec",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "40f4326ed05a3b3537556ff2a844958b9e779a98",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "bad37309c8b8bf1cfc893750df0951a804009ca0",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            },
            {
              "lessThan": "f89d17ae2ac42931be2a0153fecbf8533280c927",
              "status": "affected",
              "version": "4a25e41831ee851c1365d8b41decc22493b18e6d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/sh7760fb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()\n\nWhen information such as info-\u003escreen_base is not ready, calling\nsh7760fb_free_mem() does not release memory correctly. Call\ndma_free_coherent() instead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:03:44.694Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/d48cbfa90dce506030151915fa3346d67f964af4"
        },
        {
          "url": "https://git.kernel.org/stable/c/29216bb390e36daeebef66abaa02d9751330252b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4fbd70e15fafe36a7583954ce189aaf5536aeec"
        },
        {
          "url": "https://git.kernel.org/stable/c/40f4326ed05a3b3537556ff2a844958b9e779a98"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/bad37309c8b8bf1cfc893750df0951a804009ca0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f89d17ae2ac42931be2a0153fecbf8533280c927"
        }
      ],
      "title": "fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56746",
    "datePublished": "2024-12-29T11:30:13.074Z",
    "dateReserved": "2024-12-29T11:26:39.758Z",
    "dateUpdated": "2025-11-03T20:53:35.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56724 (GCVE-0-2024-56724)

Vulnerability from cvelistv5 – Published: 2024-12-29 11:30 – Updated: 2025-11-03 20:53

Title

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device

Summary

In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b7c7c400de85d915e…
	https://git.kernel.org/stable/c/c472b55cc0bc3df80…
	https://git.kernel.org/stable/c/da498e02c92e6d82d…
	https://git.kernel.org/stable/c/56acf415772ee7e10…
	https://git.kernel.org/stable/c/1b734ad0e33648c39…
	https://git.kernel.org/stable/c/2310f5336f32eac9a…
	https://git.kernel.org/stable/c/5bc6d0da4a32fe34a…
	https://git.kernel.org/stable/c/9b79d59e6b2b515eb…

Impacted products

Vendor

Product

Version

Linux

Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < b7c7c400de85d915e0da7c2c363553a801c47349 (git)
Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < c472b55cc0bc3df805db6a14f50a084884cf18ee (git)
Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < da498e02c92e6d82df8001438dd583b90c570815 (git)
Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < 56acf415772ee7e10e448b371f52b249aa2d0f7b (git)
Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < 1b734ad0e33648c3988c6a37c2ac16c2d63eda06 (git)
Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < 2310f5336f32eac9ada2d59b965d578efe25c4bf (git)
Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < 5bc6d0da4a32fe34a9960de577e0b7de3454de0c (git)
Affected: 957ae5098185e763b5c06be6c3b4b6e98c048712 , < 9b79d59e6b2b515eb9a22bc469ef7b8f0904fc73 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56724",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:58:06.176479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:05.521Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:19.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mfd/intel_soc_pmic_bxtwc.c",
            "drivers/platform/x86/intel/bxtwc_tmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b7c7c400de85d915e0da7c2c363553a801c47349",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            },
            {
              "lessThan": "c472b55cc0bc3df805db6a14f50a084884cf18ee",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            },
            {
              "lessThan": "da498e02c92e6d82df8001438dd583b90c570815",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            },
            {
              "lessThan": "56acf415772ee7e10e448b371f52b249aa2d0f7b",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            },
            {
              "lessThan": "1b734ad0e33648c3988c6a37c2ac16c2d63eda06",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            },
            {
              "lessThan": "2310f5336f32eac9ada2d59b965d578efe25c4bf",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            },
            {
              "lessThan": "5bc6d0da4a32fe34a9960de577e0b7de3454de0c",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            },
            {
              "lessThan": "9b79d59e6b2b515eb9a22bc469ef7b8f0904fc73",
              "status": "affected",
              "version": "957ae5098185e763b5c06be6c3b4b6e98c048712",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mfd/intel_soc_pmic_bxtwc.c",
            "drivers/platform/x86/intel/bxtwc_tmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device\n\nWhile design wise the idea of converting the driver to use\nthe hierarchy of the IRQ chips is correct, the implementation\nhas (inherited) flaws. This was unveiled when platform_get_irq()\nhad started WARN() on IRQ 0 that is supposed to be a Linux\nIRQ number (also known as vIRQ).\n\nRework the driver to respect IRQ domain when creating each MFD\ndevice separately, as the domain is not the same for all of them."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:03:24.976Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b7c7c400de85d915e0da7c2c363553a801c47349"
        },
        {
          "url": "https://git.kernel.org/stable/c/c472b55cc0bc3df805db6a14f50a084884cf18ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/da498e02c92e6d82df8001438dd583b90c570815"
        },
        {
          "url": "https://git.kernel.org/stable/c/56acf415772ee7e10e448b371f52b249aa2d0f7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b734ad0e33648c3988c6a37c2ac16c2d63eda06"
        },
        {
          "url": "https://git.kernel.org/stable/c/2310f5336f32eac9ada2d59b965d578efe25c4bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bc6d0da4a32fe34a9960de577e0b7de3454de0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b79d59e6b2b515eb9a22bc469ef7b8f0904fc73"
        }
      ],
      "title": "mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56724",
    "datePublished": "2024-12-29T11:30:01.641Z",
    "dateReserved": "2024-12-27T15:00:39.859Z",
    "dateUpdated": "2025-11-03T20:53:19.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21665 (GCVE-0-2025-21665)

Vulnerability from cvelistv5 – Published: 2025-01-31 11:25 – Updated: 2025-11-03 20:58

Title

filemap: avoid truncating 64-bit offset to 32 bits

Summary

In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs filesystem.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/64e5fd96330df2ad2…
	https://git.kernel.org/stable/c/80fc836f3ebe2f2d2…
	https://git.kernel.org/stable/c/09528bb1a4123e2a2…
	https://git.kernel.org/stable/c/280f1fb89afc01e73…
	https://git.kernel.org/stable/c/f505e6c91e7a22d10…

Impacted products

Vendor

Product

Version

Linux

Affected: 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d , < 64e5fd96330df2ad278d1c4edcca581f26e5f76e (git)
Affected: 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d , < 80fc836f3ebe2f2d2d2c80c698b7667974285a04 (git)
Affected: 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d , < 09528bb1a4123e2a234eac2bc45a0e51e78dab43 (git)
Affected: 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d , < 280f1fb89afc01e7376f59ae611d54ca69e9f967 (git)
Affected: 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d , < f505e6c91e7a22d10316665a86d79f84d9f0ba76 (git)

Linux

Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.12.11 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21665",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:52:27.434323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-835",
                "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:12.855Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:41.781Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/filemap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "64e5fd96330df2ad278d1c4edcca581f26e5f76e",
              "status": "affected",
              "version": "54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d",
              "versionType": "git"
            },
            {
              "lessThan": "80fc836f3ebe2f2d2d2c80c698b7667974285a04",
              "status": "affected",
              "version": "54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d",
              "versionType": "git"
            },
            {
              "lessThan": "09528bb1a4123e2a234eac2bc45a0e51e78dab43",
              "status": "affected",
              "version": "54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d",
              "versionType": "git"
            },
            {
              "lessThan": "280f1fb89afc01e7376f59ae611d54ca69e9f967",
              "status": "affected",
              "version": "54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d",
              "versionType": "git"
            },
            {
              "lessThan": "f505e6c91e7a22d10316665a86d79f84d9f0ba76",
              "status": "affected",
              "version": "54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/filemap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.11",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:18:31.947Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/64e5fd96330df2ad278d1c4edcca581f26e5f76e"
        },
        {
          "url": "https://git.kernel.org/stable/c/80fc836f3ebe2f2d2d2c80c698b7667974285a04"
        },
        {
          "url": "https://git.kernel.org/stable/c/09528bb1a4123e2a234eac2bc45a0e51e78dab43"
        },
        {
          "url": "https://git.kernel.org/stable/c/280f1fb89afc01e7376f59ae611d54ca69e9f967"
        },
        {
          "url": "https://git.kernel.org/stable/c/f505e6c91e7a22d10316665a86d79f84d9f0ba76"
        }
      ],
      "title": "filemap: avoid truncating 64-bit offset to 32 bits",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21665",
    "datePublished": "2025-01-31T11:25:30.468Z",
    "dateReserved": "2024-12-29T08:45:45.733Z",
    "dateUpdated": "2025-11-03T20:58:41.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57900 (GCVE-0-2024-57900)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:05 – Updated: 2025-11-03 20:55

Title

ila: serialize calls to nf_register_net_hooks()

Summary

In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the syzbot repro, we have concurrent ILA_CMD_ADD commands. Add a mutex to make sure at most one thread is calling nf_register_net_hooks(). [1] BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 Read of size 4 at addr ffff888028f40008 by task dhcpcd/5501 CPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 rht_key_hashfn include/linux/rhashtable.h:159 [inline] __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 rhashtable_lookup include/linux/rhashtable.h:646 [inline] rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline] ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626 nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269 NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785 process_backlog+0x443/0x15f0 net/core/dev.c:6117 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0xa94/0x1010 net/core/dev.c:7074 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1638f430f8900f237…
	https://git.kernel.org/stable/c/d3017895e393536b2…
	https://git.kernel.org/stable/c/ad0677c37c14fa289…
	https://git.kernel.org/stable/c/eba25e21dce7ec70e…
	https://git.kernel.org/stable/c/17e8fa894345e8d2c…
	https://git.kernel.org/stable/c/3d1b63cf468e446b9…
	https://git.kernel.org/stable/c/260466b576bca0081…

Impacted products

Vendor

Product

Version

Linux

Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 1638f430f8900f2375f5de45508fbe553997e190 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < d3017895e393536b234cf80a83fc463c08a28137 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < ad0677c37c14fa28913daea92d139644d7acf04e (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < eba25e21dce7ec70e2b3f121b2f3a25a4ec43eca (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 17e8fa894345e8d2c7a7642482267b275c3d4553 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 3d1b63cf468e446b9feaf4e4e73182b9cc82f460 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 260466b576bca0081a7d4acecc8e93687aa22d0e (git)

Linux

Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57900",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T13:56:44.602768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T14:04:27.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:16.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ila/ila_xlat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1638f430f8900f2375f5de45508fbe553997e190",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "d3017895e393536b234cf80a83fc463c08a28137",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "ad0677c37c14fa28913daea92d139644d7acf04e",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "eba25e21dce7ec70e2b3f121b2f3a25a4ec43eca",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "17e8fa894345e8d2c7a7642482267b275c3d4553",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "3d1b63cf468e446b9feaf4e4e73182b9cc82f460",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "260466b576bca0081a7d4acecc8e93687aa22d0e",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ila/ila_xlat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n  __dump_stack lib/dump_stack.c:94 [inline]\n  dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n  print_address_description mm/kasan/report.c:378 [inline]\n  print_report+0xc3/0x620 mm/kasan/report.c:489\n  kasan_report+0xd9/0x110 mm/kasan/report.c:602\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n  nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n  NF_HOOK include/linux/netfilter.h:312 [inline]\n  ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n  __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n  __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n  process_backlog+0x443/0x15f0 net/core/dev.c:6117\n  __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n  napi_poll net/core/dev.c:6952 [inline]\n  net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n  handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n  __do_softirq kernel/softirq.c:595 [inline]\n  invoke_softirq kernel/softirq.c:435 [inline]\n  __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n  irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n  sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:12.424Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1638f430f8900f2375f5de45508fbe553997e190"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3017895e393536b234cf80a83fc463c08a28137"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad0677c37c14fa28913daea92d139644d7acf04e"
        },
        {
          "url": "https://git.kernel.org/stable/c/eba25e21dce7ec70e2b3f121b2f3a25a4ec43eca"
        },
        {
          "url": "https://git.kernel.org/stable/c/17e8fa894345e8d2c7a7642482267b275c3d4553"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d1b63cf468e446b9feaf4e4e73182b9cc82f460"
        },
        {
          "url": "https://git.kernel.org/stable/c/260466b576bca0081a7d4acecc8e93687aa22d0e"
        }
      ],
      "title": "ila: serialize calls to nf_register_net_hooks()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57900",
    "datePublished": "2025-01-15T13:05:51.798Z",
    "dateReserved": "2025-01-11T14:45:42.030Z",
    "dateUpdated": "2025-11-03T20:55:16.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21699 (GCVE-0-2025-21699)

Vulnerability from cvelistv5 – Published: 2025-02-12 13:52 – Updated: 2026-01-02 15:28

Title

gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag

Summary

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8c41abc11aa8438c9…
	https://git.kernel.org/stable/c/4e3ded34f3f3c9d7e…
	https://git.kernel.org/stable/c/2a40a140e11fec699…
	https://git.kernel.org/stable/c/4dd57d1f0e9844311…
	https://git.kernel.org/stable/c/4516febe325342555…
	https://git.kernel.org/stable/c/5bb1fd0855bb0abc7…
	https://git.kernel.org/stable/c/7c9d9223802fbed4d…

Impacted products

Vendor

Product

Version

Linux

Affected: 2164f9b9186962ffb7c687e18ec6f5255525f09d , < 8c41abc11aa8438c9ed2d973f97e66674c0355df (git)
Affected: 2164f9b9186962ffb7c687e18ec6f5255525f09d , < 4e3ded34f3f3c9d7ed2aac7be8cf51153646574a (git)
Affected: 2164f9b9186962ffb7c687e18ec6f5255525f09d , < 2a40a140e11fec699e128170ccaa98b6b82cb503 (git)
Affected: 2164f9b9186962ffb7c687e18ec6f5255525f09d , < 4dd57d1f0e9844311c635a7fb39abce4f2ac5a61 (git)
Affected: 2164f9b9186962ffb7c687e18ec6f5255525f09d , < 4516febe325342555bb09ca5b396fb816d655821 (git)
Affected: 2164f9b9186962ffb7c687e18ec6f5255525f09d , < 5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0 (git)
Affected: 2164f9b9186962ffb7c687e18ec6f5255525f09d , < 7c9d9223802fbed4dee1ae301661bf346964c9d2 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.178 , ≤ 5.15.* (semver)
Unaffected: 6.1.128 , ≤ 6.1.* (semver)
Unaffected: 6.6.75 , ≤ 6.6.* (semver)
Unaffected: 6.12.12 , ≤ 6.12.* (semver)
Unaffected: 6.13.1 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:51:04.949443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:09.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:59:23.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8c41abc11aa8438c9ed2d973f97e66674c0355df",
              "status": "affected",
              "version": "2164f9b9186962ffb7c687e18ec6f5255525f09d",
              "versionType": "git"
            },
            {
              "lessThan": "4e3ded34f3f3c9d7ed2aac7be8cf51153646574a",
              "status": "affected",
              "version": "2164f9b9186962ffb7c687e18ec6f5255525f09d",
              "versionType": "git"
            },
            {
              "lessThan": "2a40a140e11fec699e128170ccaa98b6b82cb503",
              "status": "affected",
              "version": "2164f9b9186962ffb7c687e18ec6f5255525f09d",
              "versionType": "git"
            },
            {
              "lessThan": "4dd57d1f0e9844311c635a7fb39abce4f2ac5a61",
              "status": "affected",
              "version": "2164f9b9186962ffb7c687e18ec6f5255525f09d",
              "versionType": "git"
            },
            {
              "lessThan": "4516febe325342555bb09ca5b396fb816d655821",
              "status": "affected",
              "version": "2164f9b9186962ffb7c687e18ec6f5255525f09d",
              "versionType": "git"
            },
            {
              "lessThan": "5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0",
              "status": "affected",
              "version": "2164f9b9186962ffb7c687e18ec6f5255525f09d",
              "versionType": "git"
            },
            {
              "lessThan": "7c9d9223802fbed4dee1ae301661bf346964c9d2",
              "status": "affected",
              "version": "2164f9b9186962ffb7c687e18ec6f5255525f09d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.178",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.128",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.75",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.1",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:28:27.961Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8c41abc11aa8438c9ed2d973f97e66674c0355df"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e3ded34f3f3c9d7ed2aac7be8cf51153646574a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a40a140e11fec699e128170ccaa98b6b82cb503"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dd57d1f0e9844311c635a7fb39abce4f2ac5a61"
        },
        {
          "url": "https://git.kernel.org/stable/c/4516febe325342555bb09ca5b396fb816d655821"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c9d9223802fbed4dee1ae301661bf346964c9d2"
        }
      ],
      "title": "gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21699",
    "datePublished": "2025-02-12T13:52:50.962Z",
    "dateReserved": "2024-12-29T08:45:45.748Z",
    "dateUpdated": "2026-01-02T15:28:27.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56694 (GCVE-0-2024-56694)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

bpf: fix recursive lock when verdict program return SK_PASS

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/221109ba2127eabd0…
	https://git.kernel.org/stable/c/6694f7acd625ed854…
	https://git.kernel.org/stable/c/386efa339e08563dd…
	https://git.kernel.org/stable/c/da2bc8a0c8f3ac66f…
	https://git.kernel.org/stable/c/01f1b88acfd79103d…
	https://git.kernel.org/stable/c/f84c5ef6ca23cc2f7…
	https://git.kernel.org/stable/c/8ca2a1eeadf098621…

Impacted products

Vendor

Product

Version

Linux

Affected: c0809c128dad4c3413818384eb06a341633db973 , < 221109ba2127eabd0aa64718543638b58b15df56 (git)
Affected: 5965bc7535fb87510b724e5465ccc1a1cf00916d , < 6694f7acd625ed854bf6342926e771d65dad7f69 (git)
Affected: 39dc9e1442385d6e9be0b6491ee488dddd55ae27 , < 386efa339e08563dd33e83bc951aea5d407fe578 (git)
Affected: b397a0ab8582c533ec0c6b732392f141fc364f87 , < da2bc8a0c8f3ac66fdf980fc59936f851a083561 (git)
Affected: 6648e613226e18897231ab5e42ffc29e63fa3365 , < 01f1b88acfd79103da0610b45471f6c88ea98d72 (git)
Affected: 6648e613226e18897231ab5e42ffc29e63fa3365 , < f84c5ef6ca23cc2f72f3b830d74f67944684bb05 (git)
Affected: 6648e613226e18897231ab5e42ffc29e63fa3365 , < 8ca2a1eeadf09862190b2810697702d803ceef2d (git)
Affected: 772d5729b5ff0df0d37b32db600ce635b2172f80 (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:43.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "221109ba2127eabd0aa64718543638b58b15df56",
              "status": "affected",
              "version": "c0809c128dad4c3413818384eb06a341633db973",
              "versionType": "git"
            },
            {
              "lessThan": "6694f7acd625ed854bf6342926e771d65dad7f69",
              "status": "affected",
              "version": "5965bc7535fb87510b724e5465ccc1a1cf00916d",
              "versionType": "git"
            },
            {
              "lessThan": "386efa339e08563dd33e83bc951aea5d407fe578",
              "status": "affected",
              "version": "39dc9e1442385d6e9be0b6491ee488dddd55ae27",
              "versionType": "git"
            },
            {
              "lessThan": "da2bc8a0c8f3ac66fdf980fc59936f851a083561",
              "status": "affected",
              "version": "b397a0ab8582c533ec0c6b732392f141fc364f87",
              "versionType": "git"
            },
            {
              "lessThan": "01f1b88acfd79103da0610b45471f6c88ea98d72",
              "status": "affected",
              "version": "6648e613226e18897231ab5e42ffc29e63fa3365",
              "versionType": "git"
            },
            {
              "lessThan": "f84c5ef6ca23cc2f72f3b830d74f67944684bb05",
              "status": "affected",
              "version": "6648e613226e18897231ab5e42ffc29e63fa3365",
              "versionType": "git"
            },
            {
              "lessThan": "8ca2a1eeadf09862190b2810697702d803ceef2d",
              "status": "affected",
              "version": "6648e613226e18897231ab5e42ffc29e63fa3365",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "772d5729b5ff0df0d37b32db600ce635b2172f80",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "5.10.223",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15.159",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "6.1.91",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "6.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n\u0027\u0027\u0027\nsk_psock_strp_data_ready\n    write_lock_bh(\u0026sk-\u003esk_callback_lock)\n    strp_data_ready\n      strp_read_sock\n        read_sock -\u003e tcp_read_sock\n          strp_recv\n            cb.rcv_msg -\u003e sk_psock_strp_read\n              # now stream_verdict return SK_PASS without peer sock assign\n              __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n              sk_psock_verdict_apply\n                sk_psock_skb_ingress_self\n                  sk_psock_skb_ingress_enqueue\n                    sk_psock_data_ready\n                      read_lock_bh(\u0026sk-\u003esk_callback_lock) \u003c= dead lock\n\n\u0027\u0027\u0027\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:39:23.772Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56"
        },
        {
          "url": "https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69"
        },
        {
          "url": "https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578"
        },
        {
          "url": "https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561"
        },
        {
          "url": "https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72"
        },
        {
          "url": "https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d"
        }
      ],
      "title": "bpf: fix recursive lock when verdict program return SK_PASS",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56694",
    "datePublished": "2024-12-28T09:46:18.826Z",
    "dateReserved": "2024-12-27T15:00:39.849Z",
    "dateUpdated": "2025-11-03T20:52:43.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56622 (GCVE-0-2024-56622)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

scsi: ufs: core: sysfs: Prevent div by zero

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-369 - Divide By Zero

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/87bf3ea841a5d77be…
	https://git.kernel.org/stable/c/7b21233e5f72d10f0…
	https://git.kernel.org/stable/c/0069928727c2e95ca…
	https://git.kernel.org/stable/c/9c191055c7abea491…
	https://git.kernel.org/stable/c/eb48e9fc0028bed94…

Impacted products

Vendor

Product

Version

Linux

Affected: 1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f , < 87bf3ea841a5d77beae6bb85af36b2b3848407ee (git)
Affected: 1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f , < 7b21233e5f72d10f08310689f993c1dbdfde9f2c (git)
Affected: 1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f , < 0069928727c2e95ca26c738fbe6e4b241aeaaf08 (git)
Affected: 1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f , < 9c191055c7abea4912fdb83cb9b261732b25a0c8 (git)
Affected: 1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f , < eb48e9fc0028bed94a40a9352d065909f19e333c (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:56.344358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-369",
                "description": "CWE-369 Divide By Zero",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:12.688Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:09.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/ufs/core/ufs-sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "87bf3ea841a5d77beae6bb85af36b2b3848407ee",
              "status": "affected",
              "version": "1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f",
              "versionType": "git"
            },
            {
              "lessThan": "7b21233e5f72d10f08310689f993c1dbdfde9f2c",
              "status": "affected",
              "version": "1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f",
              "versionType": "git"
            },
            {
              "lessThan": "0069928727c2e95ca26c738fbe6e4b241aeaaf08",
              "status": "affected",
              "version": "1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f",
              "versionType": "git"
            },
            {
              "lessThan": "9c191055c7abea4912fdb83cb9b261732b25a0c8",
              "status": "affected",
              "version": "1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f",
              "versionType": "git"
            },
            {
              "lessThan": "eb48e9fc0028bed94a40a9352d065909f19e333c",
              "status": "affected",
              "version": "1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/ufs/core/ufs-sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: sysfs: Prevent div by zero\n\nPrevent a division by 0 when monitoring is not enabled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:10.332Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/87bf3ea841a5d77beae6bb85af36b2b3848407ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b21233e5f72d10f08310689f993c1dbdfde9f2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/0069928727c2e95ca26c738fbe6e4b241aeaaf08"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c191055c7abea4912fdb83cb9b261732b25a0c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb48e9fc0028bed94a40a9352d065909f19e333c"
        }
      ],
      "title": "scsi: ufs: core: sysfs: Prevent div by zero",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56622",
    "datePublished": "2024-12-27T14:51:25.671Z",
    "dateReserved": "2024-12-27T14:03:06.017Z",
    "dateUpdated": "2025-11-03T20:51:09.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36476 (GCVE-0-2024-36476)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:10 – Updated: 2025-11-03 20:37

Title

RDMA/rtrs: Ensure 'ib_sge list' is accessible

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 This change ensures the variable is available for subsequent operations that require it. [1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7eaa71f56a6f7ab87…
	https://git.kernel.org/stable/c/143378075904e78b3…
	https://git.kernel.org/stable/c/32e1e748a85bd52b2…
	https://git.kernel.org/stable/c/b238f61cc394d5fef…
	https://git.kernel.org/stable/c/6ffb5c1885195ae52…
	https://git.kernel.org/stable/c/fb514b31395946022…

Impacted products

Vendor

Product

Version

Linux

Affected: 9cb837480424e78ed585376f944088246685aec3 , < 7eaa71f56a6f7ab87957213472dc6d4055862722 (git)
Affected: 9cb837480424e78ed585376f944088246685aec3 , < 143378075904e78b3b2a810099bcc3b3d82d762f (git)
Affected: 9cb837480424e78ed585376f944088246685aec3 , < 32e1e748a85bd52b20b3857d80fd166d22fa455a (git)
Affected: 9cb837480424e78ed585376f944088246685aec3 , < b238f61cc394d5fef27b26d7d9aa383ebfddabb0 (git)
Affected: 9cb837480424e78ed585376f944088246685aec3 , < 6ffb5c1885195ae5211a12b4acd2d51843ca41b0 (git)
Affected: 9cb837480424e78ed585376f944088246685aec3 , < fb514b31395946022f13a08e06a435f53cf9e8b3 (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36476",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:54:29.846906Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:18.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:37:45.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/rtrs/rtrs-srv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7eaa71f56a6f7ab87957213472dc6d4055862722",
              "status": "affected",
              "version": "9cb837480424e78ed585376f944088246685aec3",
              "versionType": "git"
            },
            {
              "lessThan": "143378075904e78b3b2a810099bcc3b3d82d762f",
              "status": "affected",
              "version": "9cb837480424e78ed585376f944088246685aec3",
              "versionType": "git"
            },
            {
              "lessThan": "32e1e748a85bd52b20b3857d80fd166d22fa455a",
              "status": "affected",
              "version": "9cb837480424e78ed585376f944088246685aec3",
              "versionType": "git"
            },
            {
              "lessThan": "b238f61cc394d5fef27b26d7d9aa383ebfddabb0",
              "status": "affected",
              "version": "9cb837480424e78ed585376f944088246685aec3",
              "versionType": "git"
            },
            {
              "lessThan": "6ffb5c1885195ae5211a12b4acd2d51843ca41b0",
              "status": "affected",
              "version": "9cb837480424e78ed585376f944088246685aec3",
              "versionType": "git"
            },
            {
              "lessThan": "fb514b31395946022f13a08e06a435f53cf9e8b3",
              "status": "affected",
              "version": "9cb837480424e78ed585376f944088246685aec3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/rtrs/rtrs-srv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs: Ensure \u0027ib_sge list\u0027 is accessible\n\nMove the declaration of the \u0027ib_sge list\u0027 variable outside the\n\u0027always_invalidate\u0027 block to ensure it remains accessible for use\nthroughout the function.\n\nPreviously, \u0027ib_sge list\u0027 was declared within the \u0027always_invalidate\u0027\nblock, limiting its accessibility, then caused a\n\u0027BUG: kernel NULL pointer dereference\u0027[1].\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2d0\n ? search_module_extables+0x19/0x60\n ? search_bpf_extables+0x5f/0x80\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? memcpy_orig+0xd5/0x140\n rxe_mr_copy+0x1c3/0x200 [rdma_rxe]\n ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe]\n copy_data+0xa5/0x230 [rdma_rxe]\n rxe_requester+0xd9b/0xf70 [rdma_rxe]\n ? finish_task_switch.isra.0+0x99/0x2e0\n rxe_sender+0x13/0x40 [rdma_rxe]\n do_task+0x68/0x1e0 [rdma_rxe]\n process_one_work+0x177/0x330\n worker_thread+0x252/0x390\n ? __pfx_worker_thread+0x10/0x10\n\nThis change ensures the variable is available for subsequent operations\nthat require it.\n\n[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:05.567Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7eaa71f56a6f7ab87957213472dc6d4055862722"
        },
        {
          "url": "https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f"
        },
        {
          "url": "https://git.kernel.org/stable/c/32e1e748a85bd52b20b3857d80fd166d22fa455a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b238f61cc394d5fef27b26d7d9aa383ebfddabb0"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ffb5c1885195ae5211a12b4acd2d51843ca41b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb514b31395946022f13a08e06a435f53cf9e8b3"
        }
      ],
      "title": "RDMA/rtrs: Ensure \u0027ib_sge list\u0027 is accessible",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36476",
    "datePublished": "2025-01-15T13:10:20.507Z",
    "dateReserved": "2025-01-15T13:08:59.730Z",
    "dateUpdated": "2025-11-03T20:37:45.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50304 (GCVE-0-2024-50304)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:19 – Updated: 2025-11-03 20:45

Title

ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() The per-netns IP tunnel hash table is protected by the RTNL mutex and ip_tunnel_find() is only called from the control path where the mutex is taken. Add a lockdep expression to hlist_for_each_entry_rcu() in ip_tunnel_find() in order to validate that the mutex is held and to silence the suspicious RCU usage warning [1]. [1] WARNING: suspicious RCU usage 6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted ----------------------------- net/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by ip/362: #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60 stack backtrace: CPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0xba/0x110 lockdep_rcu_suspicious.cold+0x4f/0xd6 ip_tunnel_find+0x435/0x4d0 ip_tunnel_newlink+0x517/0x7a0 ipgre_newlink+0x14c/0x170 __rtnl_newlink+0x1173/0x19c0 rtnl_newlink+0x6c/0xa0 rtnetlink_rcv_msg+0x3cc/0xf60 netlink_rcv_skb+0x171/0x450 netlink_unicast+0x539/0x7f0 netlink_sendmsg+0x8c1/0xd80 ____sys_sendmsg+0x8f9/0xc20 ___sys_sendmsg+0x197/0x1e0 __sys_sendmsg+0x122/0x1f0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/31bd7378c6fe100a8…
	https://git.kernel.org/stable/c/6ac5dfa575136da8d…
	https://git.kernel.org/stable/c/ce11424026cbf87d5…
	https://git.kernel.org/stable/c/e0500e4373cd3d5ea…
	https://git.kernel.org/stable/c/f20fe2cfe06ca1b00…
	https://git.kernel.org/stable/c/90e0569dd3d32f4f4…

Impacted products

Vendor

Product

Version

Linux

Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 31bd7378c6fe100a8af0e996ea0b5dafd3579df6 (git)
Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 6ac5dfa575136da8dd8a9e7c1437c41f3a593993 (git)
Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < ce11424026cbf87d5861b09e5e33565ff7f2ec8d (git)
Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < e0500e4373cd3d5eace1f1712444ab830b82c114 (git)
Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < f20fe2cfe06ca1b008b09da4f2b4e0c5547ccef6 (git)
Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12 (git)

Linux

Affected: 3.10
Unaffected: 0 , < 3.10 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.178 , ≤ 5.15.* (semver)
Unaffected: 6.1.128 , ≤ 6.1.* (semver)
Unaffected: 6.6.75 , ≤ 6.6.* (semver)
Unaffected: 6.11.7 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:45:10.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/ip_tunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "31bd7378c6fe100a8af0e996ea0b5dafd3579df6",
              "status": "affected",
              "version": "c54419321455631079c7d6e60bc732dd0c5914c5",
              "versionType": "git"
            },
            {
              "lessThan": "6ac5dfa575136da8dd8a9e7c1437c41f3a593993",
              "status": "affected",
              "version": "c54419321455631079c7d6e60bc732dd0c5914c5",
              "versionType": "git"
            },
            {
              "lessThan": "ce11424026cbf87d5861b09e5e33565ff7f2ec8d",
              "status": "affected",
              "version": "c54419321455631079c7d6e60bc732dd0c5914c5",
              "versionType": "git"
            },
            {
              "lessThan": "e0500e4373cd3d5eace1f1712444ab830b82c114",
              "status": "affected",
              "version": "c54419321455631079c7d6e60bc732dd0c5914c5",
              "versionType": "git"
            },
            {
              "lessThan": "f20fe2cfe06ca1b008b09da4f2b4e0c5547ccef6",
              "status": "affected",
              "version": "c54419321455631079c7d6e60bc732dd0c5914c5",
              "versionType": "git"
            },
            {
              "lessThan": "90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12",
              "status": "affected",
              "version": "c54419321455631079c7d6e60bc732dd0c5914c5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/ip_tunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.178",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.128",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.75",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.7",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:51:17.560Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/31bd7378c6fe100a8af0e996ea0b5dafd3579df6"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ac5dfa575136da8dd8a9e7c1437c41f3a593993"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce11424026cbf87d5861b09e5e33565ff7f2ec8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0500e4373cd3d5eace1f1712444ab830b82c114"
        },
        {
          "url": "https://git.kernel.org/stable/c/f20fe2cfe06ca1b008b09da4f2b4e0c5547ccef6"
        },
        {
          "url": "https://git.kernel.org/stable/c/90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12"
        }
      ],
      "title": "ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50304",
    "datePublished": "2024-11-19T17:19:30.242Z",
    "dateReserved": "2024-10-21T19:36:19.987Z",
    "dateUpdated": "2025-11-03T20:45:10.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53158 (GCVE-0-2024-53158)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:28 – Updated: 2025-11-03 20:46

Title

soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

Summary

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/37cdd4f0c266560b7…
	https://git.kernel.org/stable/c/7a3465b79ef0539aa…
	https://git.kernel.org/stable/c/748557ca7dc94695a…
	https://git.kernel.org/stable/c/f4b7bf5a50f1fa255…
	https://git.kernel.org/stable/c/b0a9c6ccaf88c4701…
	https://git.kernel.org/stable/c/c24e019ca12d9ec81…
	https://git.kernel.org/stable/c/56eda41dcce0ec4d3…
	https://git.kernel.org/stable/c/351bb7f9ecb9d1f09…
	https://git.kernel.org/stable/c/78261cb08f06c93d3…

Impacted products

Vendor

Product

Version

Linux

Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 37cdd4f0c266560b7b924c42361eeae3dc5f0c3e (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 7a3465b79ef0539aa10b310ac3cc35e0ae25b79e (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 748557ca7dc94695a6e209eb68fce365da9a3bb3 (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < f4b7bf5a50f1fa25560f0b66a13563465542861b (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < b0a9c6ccaf88c4701787f61ecd2ec0eb014a0677 (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < c24e019ca12d9ec814af04b30a64dd7173fb20fe (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 56eda41dcce0ec4d3418b4f85037bdea181486cc (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 351bb7f9ecb9d1f09bd7767491a2b8d07f4f1ea4 (git)
Affected: eddac5af06546d2e7a0730e3dc02dde3dc91098a , < 78261cb08f06c93d362cab5c5034bf5899bc7552 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:09:29.207001Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:08.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:49.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/qcom-geni-se.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "37cdd4f0c266560b7b924c42361eeae3dc5f0c3e",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "7a3465b79ef0539aa10b310ac3cc35e0ae25b79e",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "748557ca7dc94695a6e209eb68fce365da9a3bb3",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "f4b7bf5a50f1fa25560f0b66a13563465542861b",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "b0a9c6ccaf88c4701787f61ecd2ec0eb014a0677",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "c24e019ca12d9ec814af04b30a64dd7173fb20fe",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "56eda41dcce0ec4d3418b4f85037bdea181486cc",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "351bb7f9ecb9d1f09bd7767491a2b8d07f4f1ea4",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            },
            {
              "lessThan": "78261cb08f06c93d362cab5c5034bf5899bc7552",
              "status": "affected",
              "version": "eddac5af06546d2e7a0730e3dc02dde3dc91098a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/qcom/qcom-geni-se.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()\n\nThis loop is supposed to break if the frequency returned from\nclk_round_rate() is the same as on the previous iteration.  However,\nthat check doesn\u0027t make sense on the first iteration through the loop.\nIt leads to reading before the start of these-\u003eclk_perf_tbl[] array."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:31.758Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/37cdd4f0c266560b7b924c42361eeae3dc5f0c3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a3465b79ef0539aa10b310ac3cc35e0ae25b79e"
        },
        {
          "url": "https://git.kernel.org/stable/c/748557ca7dc94695a6e209eb68fce365da9a3bb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4b7bf5a50f1fa25560f0b66a13563465542861b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0a9c6ccaf88c4701787f61ecd2ec0eb014a0677"
        },
        {
          "url": "https://git.kernel.org/stable/c/c24e019ca12d9ec814af04b30a64dd7173fb20fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/56eda41dcce0ec4d3418b4f85037bdea181486cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/351bb7f9ecb9d1f09bd7767491a2b8d07f4f1ea4"
        },
        {
          "url": "https://git.kernel.org/stable/c/78261cb08f06c93d362cab5c5034bf5899bc7552"
        }
      ],
      "title": "soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53158",
    "datePublished": "2024-12-24T11:28:57.160Z",
    "dateReserved": "2024-11-19T17:17:25.001Z",
    "dateUpdated": "2025-11-03T20:46:49.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56602 (GCVE-0-2024-56602)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2026-01-05 10:56

Title

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1d5fe782c0ff068d8…
	https://git.kernel.org/stable/c/14959fd7538b3be6d…
	https://git.kernel.org/stable/c/2b46994a6e76c8cc5…
	https://git.kernel.org/stable/c/e8bd6c5f5dc2234b4…
	https://git.kernel.org/stable/c/b4982fbf13042e3bb…
	https://git.kernel.org/stable/c/03caa9bfb9fde97fb…
	https://git.kernel.org/stable/c/b4fcd63f6ef79c73c…

Impacted products

Vendor

Product

Version

Linux

Affected: 9ec7671603573ede31207eb5b0b3e1aa211b2854 , < 1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9 (git)
Affected: 9ec7671603573ede31207eb5b0b3e1aa211b2854 , < 14959fd7538b3be6d7617d9e60e404d6a8d4fd1f (git)
Affected: 9ec7671603573ede31207eb5b0b3e1aa211b2854 , < 2b46994a6e76c8cc5556772932b9b60d03a55cd8 (git)
Affected: 9ec7671603573ede31207eb5b0b3e1aa211b2854 , < e8bd6c5f5dc2234b4ea714380aedeea12a781754 (git)
Affected: 9ec7671603573ede31207eb5b0b3e1aa211b2854 , < b4982fbf13042e3bb33e04eddfea8b1506b5ea65 (git)
Affected: 9ec7671603573ede31207eb5b0b3e1aa211b2854 , < 03caa9bfb9fde97fb53d33decd7364514e6825cb (git)
Affected: 9ec7671603573ede31207eb5b0b3e1aa211b2854 , < b4fcd63f6ef79c73cafae8cf4a114def5fc3d80d (git)

Linux

Affected: 2.6.31
Unaffected: 0 , < 2.6.31 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:42:21.145830Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:23.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:43.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ieee802154/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9",
              "status": "affected",
              "version": "9ec7671603573ede31207eb5b0b3e1aa211b2854",
              "versionType": "git"
            },
            {
              "lessThan": "14959fd7538b3be6d7617d9e60e404d6a8d4fd1f",
              "status": "affected",
              "version": "9ec7671603573ede31207eb5b0b3e1aa211b2854",
              "versionType": "git"
            },
            {
              "lessThan": "2b46994a6e76c8cc5556772932b9b60d03a55cd8",
              "status": "affected",
              "version": "9ec7671603573ede31207eb5b0b3e1aa211b2854",
              "versionType": "git"
            },
            {
              "lessThan": "e8bd6c5f5dc2234b4ea714380aedeea12a781754",
              "status": "affected",
              "version": "9ec7671603573ede31207eb5b0b3e1aa211b2854",
              "versionType": "git"
            },
            {
              "lessThan": "b4982fbf13042e3bb33e04eddfea8b1506b5ea65",
              "status": "affected",
              "version": "9ec7671603573ede31207eb5b0b3e1aa211b2854",
              "versionType": "git"
            },
            {
              "lessThan": "03caa9bfb9fde97fb53d33decd7364514e6825cb",
              "status": "affected",
              "version": "9ec7671603573ede31207eb5b0b3e1aa211b2854",
              "versionType": "git"
            },
            {
              "lessThan": "b4fcd63f6ef79c73cafae8cf4a114def5fc3d80d",
              "status": "affected",
              "version": "9ec7671603573ede31207eb5b0b3e1aa211b2854",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ieee802154/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: do not leave a dangling sk pointer in ieee802154_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If ieee802154_create() fails later, the allocated sk object is\nfreed, but the dangling pointer remains in the provided sock object, which\nmay allow use-after-free.\n\nClear the sk pointer in the sock object on error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:04.215Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/14959fd7538b3be6d7617d9e60e404d6a8d4fd1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b46994a6e76c8cc5556772932b9b60d03a55cd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8bd6c5f5dc2234b4ea714380aedeea12a781754"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4982fbf13042e3bb33e04eddfea8b1506b5ea65"
        },
        {
          "url": "https://git.kernel.org/stable/c/03caa9bfb9fde97fb53d33decd7364514e6825cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4fcd63f6ef79c73cafae8cf4a114def5fc3d80d"
        }
      ],
      "title": "net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56602",
    "datePublished": "2024-12-27T14:51:08.174Z",
    "dateReserved": "2024-12-27T14:03:06.011Z",
    "dateUpdated": "2026-01-05T10:56:04.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53135 (GCVE-0-2024-53135)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:20 – Updated: 2025-11-03 22:29

Title

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest's) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the "load IA32_RTIT_CTL" VM-entry control must be 0. On the host side, KVM doesn't validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c3742319d021f5aa3…
	https://git.kernel.org/stable/c/d4b42f926adcce4e5…
	https://git.kernel.org/stable/c/b8a1d572478b6f239…
	https://git.kernel.org/stable/c/e6716f4230a878495…
	https://git.kernel.org/stable/c/d28b059ee4779b510…
	https://git.kernel.org/stable/c/b91bb0ce5cd7005b3…
	https://git.kernel.org/stable/c/aa0d42cacf093a6fc…

Impacted products

Vendor

Product

Version

Linux

Affected: f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 , < c3742319d021f5aa3a0a8c828485fee14753f6de (git)
Affected: f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 , < d4b42f926adcce4e5ec193c714afd9d37bba8e5b (git)
Affected: f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 , < b8a1d572478b6f239061ee9578b2451bf2f021c2 (git)
Affected: f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 , < e6716f4230a8784957273ddd27326264b27b9313 (git)
Affected: f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 , < d28b059ee4779b5102c5da6e929762520510e406 (git)
Affected: f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 , < b91bb0ce5cd7005b376eac690ec664c1b56372ec (git)
Affected: f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 , < aa0d42cacf093a6fcca872edc954f6f812926a17 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:37.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/vmx/vmx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c3742319d021f5aa3a0a8c828485fee14753f6de",
              "status": "affected",
              "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
              "versionType": "git"
            },
            {
              "lessThan": "d4b42f926adcce4e5ec193c714afd9d37bba8e5b",
              "status": "affected",
              "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
              "versionType": "git"
            },
            {
              "lessThan": "b8a1d572478b6f239061ee9578b2451bf2f021c2",
              "status": "affected",
              "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
              "versionType": "git"
            },
            {
              "lessThan": "e6716f4230a8784957273ddd27326264b27b9313",
              "status": "affected",
              "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
              "versionType": "git"
            },
            {
              "lessThan": "d28b059ee4779b5102c5da6e929762520510e406",
              "status": "affected",
              "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
              "versionType": "git"
            },
            {
              "lessThan": "b91bb0ce5cd7005b376eac690ec664c1b56372ec",
              "status": "affected",
              "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
              "versionType": "git"
            },
            {
              "lessThan": "aa0d42cacf093a6fcca872edc954f6f812926a17",
              "status": "affected",
              "version": "f99e3daf94ff35dd4a878d32ff66e1fd35223ad6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/vmx/vmx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM\u0027s pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y.  There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and *stays* disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest\u0027s) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check).  Per the SDM:\n\n  If the logical processor is operating with Intel PT enabled (if\n  IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n  IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn\u0027t validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit.  E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:55.150Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c3742319d021f5aa3a0a8c828485fee14753f6de"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4b42f926adcce4e5ec193c714afd9d37bba8e5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8a1d572478b6f239061ee9578b2451bf2f021c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6716f4230a8784957273ddd27326264b27b9313"
        },
        {
          "url": "https://git.kernel.org/stable/c/d28b059ee4779b5102c5da6e929762520510e406"
        },
        {
          "url": "https://git.kernel.org/stable/c/b91bb0ce5cd7005b376eac690ec664c1b56372ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa0d42cacf093a6fcca872edc954f6f812926a17"
        }
      ],
      "title": "KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53135",
    "datePublished": "2024-12-04T14:20:40.815Z",
    "dateReserved": "2024-11-19T17:17:24.996Z",
    "dateUpdated": "2025-11-03T22:29:37.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53155 (GCVE-0-2024-53155)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:28 – Updated: 2025-11-03 20:46

Title

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Since an instance of 'struct kiocb' may be passed from the block layer with 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()' and use it from where 'ocfs2_dio_end_io()' might take care, i.e. in 'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6c8f8d1e595dabd53…
	https://git.kernel.org/stable/c/f4078ef38d3163e6b…
	https://git.kernel.org/stable/c/66b7ddd1804e2c421…
	https://git.kernel.org/stable/c/8c966150d5abff58c…
	https://git.kernel.org/stable/c/83f8713a0ef1d55d6…
	https://git.kernel.org/stable/c/8e0de82ed18ba0e71…
	https://git.kernel.org/stable/c/366c933c2ab34dd65…
	https://git.kernel.org/stable/c/dc78efe556fed162d…
	https://git.kernel.org/stable/c/adc77b19f62d7e80f…

Impacted products

Vendor

Product

Version

Linux

Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < 6c8f8d1e595dabd5389817f6d798cc8bd95c40ab (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < f4078ef38d3163e6be47403a619558b19c4bfccd (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < 66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < 8c966150d5abff58c3c2bdb9a6e63fd773782905 (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < 83f8713a0ef1d55d6a287bcfadcaab8245ac5098 (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < 8e0de82ed18ba0e71f817adbd81317fd1032ca5a (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < 366c933c2ab34dd6551acc03b4872726b7605143 (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < dc78efe556fed162d48736ef24066f42e463e27c (git)
Affected: 7cdfc3a1c3971c9125c317cb8c2525745851798e , < adc77b19f62d7e80f98400b2fca9d700d2afdd6f (git)

Linux

Affected: 2.6.22
Unaffected: 0 , < 2.6.22 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:09:39.803725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:08.814Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:41.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/aops.h",
            "fs/ocfs2/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6c8f8d1e595dabd5389817f6d798cc8bd95c40ab",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "f4078ef38d3163e6be47403a619558b19c4bfccd",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "8c966150d5abff58c3c2bdb9a6e63fd773782905",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "83f8713a0ef1d55d6a287bcfadcaab8245ac5098",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "8e0de82ed18ba0e71f817adbd81317fd1032ca5a",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "366c933c2ab34dd6551acc03b4872726b7605143",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "dc78efe556fed162d48736ef24066f42e463e27c",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            },
            {
              "lessThan": "adc77b19f62d7e80f98400b2fca9d700d2afdd6f",
              "status": "affected",
              "version": "7cdfc3a1c3971c9125c317cb8c2525745851798e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/aops.h",
            "fs/ocfs2/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.22"
            },
            {
              "lessThan": "2.6.22",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix uninitialized value in ocfs2_file_read_iter()\n\nSyzbot has reported the following KMSAN splat:\n\nBUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80\n ocfs2_file_read_iter+0x9a4/0xf80\n __io_read+0x8d4/0x20f0\n io_read+0x3e/0xf0\n io_issue_sqe+0x42b/0x22c0\n io_wq_submit_work+0xaf9/0xdc0\n io_worker_handle_work+0xd13/0x2110\n io_wq_worker+0x447/0x1410\n ret_from_fork+0x6f/0x90\n ret_from_fork_asm+0x1a/0x30\n\nUninit was created at:\n __alloc_pages_noprof+0x9a7/0xe00\n alloc_pages_mpol_noprof+0x299/0x990\n alloc_pages_noprof+0x1bf/0x1e0\n allocate_slab+0x33a/0x1250\n ___slab_alloc+0x12ef/0x35e0\n kmem_cache_alloc_bulk_noprof+0x486/0x1330\n __io_alloc_req_refill+0x84/0x560\n io_submit_sqes+0x172f/0x2f30\n __se_sys_io_uring_enter+0x406/0x41c0\n __x64_sys_io_uring_enter+0x11f/0x1a0\n x64_sys_call+0x2b54/0x3ba0\n do_syscall_64+0xcd/0x1e0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nSince an instance of \u0027struct kiocb\u0027 may be passed from the block layer\nwith \u0027private\u0027 field uninitialized, introduce \u0027ocfs2_iocb_init_rw_locked()\u0027\nand use it from where \u0027ocfs2_dio_end_io()\u0027 might take care, i.e. in\n\u0027ocfs2_file_read_iter()\u0027 and \u0027ocfs2_file_write_iter()\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:26.934Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd"
        },
        {
          "url": "https://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905"
        },
        {
          "url": "https://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c"
        },
        {
          "url": "https://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f"
        }
      ],
      "title": "ocfs2: fix uninitialized value in ocfs2_file_read_iter()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53155",
    "datePublished": "2024-12-24T11:28:54.241Z",
    "dateReserved": "2024-11-19T17:17:25.001Z",
    "dateUpdated": "2025-11-03T20:46:41.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56578 (GCVE-0-2024-56578)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:23 – Updated: 2025-11-03 20:49

Title

media: imx-jpeg: Set video drvdata before register video device

Summary

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f68bb1210fbea2525…
	https://git.kernel.org/stable/c/b88556e82dc18cb70…
	https://git.kernel.org/stable/c/68efeff2f7fccdfed…
	https://git.kernel.org/stable/c/5ade59d28eade4919…
	https://git.kernel.org/stable/c/d2b7ecc26bd5406d5…

Impacted products

Vendor

Product

Version

Linux

Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < f68bb1210fbea252552d97242757f69a219e942b (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < b88556e82dc18cb708744d062770853a2d5095b2 (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < 68efeff2f7fccdfedc55f92e92be32997127d16e (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < 5ade59d28eade49194eb09765afdeb0ba717c39a (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < d2b7ecc26bd5406d5ba927be1748aa99c568696c (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56578",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:01:53.412942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:14.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:53.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f68bb1210fbea252552d97242757f69a219e942b",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "b88556e82dc18cb708744d062770853a2d5095b2",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "68efeff2f7fccdfedc55f92e92be32997127d16e",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "5ade59d28eade49194eb09765afdeb0ba717c39a",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "d2b7ecc26bd5406d5ba927be1748aa99c568696c",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:58:53.416Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f68bb1210fbea252552d97242757f69a219e942b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b88556e82dc18cb708744d062770853a2d5095b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/68efeff2f7fccdfedc55f92e92be32997127d16e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ade59d28eade49194eb09765afdeb0ba717c39a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2b7ecc26bd5406d5ba927be1748aa99c568696c"
        }
      ],
      "title": "media: imx-jpeg: Set video drvdata before register video device",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56578",
    "datePublished": "2024-12-27T14:23:20.659Z",
    "dateReserved": "2024-12-27T14:03:05.999Z",
    "dateUpdated": "2025-11-03T20:49:53.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50051 (GCVE-0-2024-50051)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2025-11-03 20:43

Title

spi: mpc52xx: Add cancel_work_sync before module remove

Summary

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d0cde3911cf24e1bc…
	https://git.kernel.org/stable/c/e0c6ce8424095c2da…
	https://git.kernel.org/stable/c/cd5106c77d6d6828a…
	https://git.kernel.org/stable/c/373d55a47dc662e5e…
	https://git.kernel.org/stable/c/f65d85bc1ffd8a2c1…
	https://git.kernel.org/stable/c/90b72189de2cddacb…
	https://git.kernel.org/stable/c/984836621aad98802…

Impacted products

Vendor

Product

Version

Linux

Affected: ca632f556697d45d67ed5cada7cedf3ddfe0db4b , < d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1 (git)
Affected: ca632f556697d45d67ed5cada7cedf3ddfe0db4b , < e0c6ce8424095c2da32a063d3fc027494c689817 (git)
Affected: ca632f556697d45d67ed5cada7cedf3ddfe0db4b , < cd5106c77d6d6828aa82449f01f4eb436d602a21 (git)
Affected: ca632f556697d45d67ed5cada7cedf3ddfe0db4b , < 373d55a47dc662e5e30d12ad5d334312f757c1f1 (git)
Affected: ca632f556697d45d67ed5cada7cedf3ddfe0db4b , < f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59 (git)
Affected: ca632f556697d45d67ed5cada7cedf3ddfe0db4b , < 90b72189de2cddacb26250579da0510b29a8b82b (git)
Affected: ca632f556697d45d67ed5cada7cedf3ddfe0db4b , < 984836621aad98802d92c4a3047114cf518074c8 (git)

Linux

Affected: 3.1
Unaffected: 0 , < 3.1 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T17:12:07.926078Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T17:21:06.363Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:43:19.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-mpc52xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1",
              "status": "affected",
              "version": "ca632f556697d45d67ed5cada7cedf3ddfe0db4b",
              "versionType": "git"
            },
            {
              "lessThan": "e0c6ce8424095c2da32a063d3fc027494c689817",
              "status": "affected",
              "version": "ca632f556697d45d67ed5cada7cedf3ddfe0db4b",
              "versionType": "git"
            },
            {
              "lessThan": "cd5106c77d6d6828aa82449f01f4eb436d602a21",
              "status": "affected",
              "version": "ca632f556697d45d67ed5cada7cedf3ddfe0db4b",
              "versionType": "git"
            },
            {
              "lessThan": "373d55a47dc662e5e30d12ad5d334312f757c1f1",
              "status": "affected",
              "version": "ca632f556697d45d67ed5cada7cedf3ddfe0db4b",
              "versionType": "git"
            },
            {
              "lessThan": "f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59",
              "status": "affected",
              "version": "ca632f556697d45d67ed5cada7cedf3ddfe0db4b",
              "versionType": "git"
            },
            {
              "lessThan": "90b72189de2cddacb26250579da0510b29a8b82b",
              "status": "affected",
              "version": "ca632f556697d45d67ed5cada7cedf3ddfe0db4b",
              "versionType": "git"
            },
            {
              "lessThan": "984836621aad98802d92c4a3047114cf518074c8",
              "status": "affected",
              "version": "ca632f556697d45d67ed5cada7cedf3ddfe0db4b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-mpc52xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mpc52xx: Add cancel_work_sync before module remove\n\nIf we remove the module which will call mpc52xx_spi_remove\nit will free \u0027ms\u0027 through spi_unregister_controller.\nwhile the work ms-\u003ework will be used. The sequence of operations\nthat may lead to a UAF bug.\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in mpc52xx_spi_remove."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:44:49.213Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21"
        },
        {
          "url": "https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59"
        },
        {
          "url": "https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b"
        },
        {
          "url": "https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8"
        }
      ],
      "title": "spi: mpc52xx: Add cancel_work_sync before module remove",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50051",
    "datePublished": "2025-01-11T12:25:20.277Z",
    "dateReserved": "2025-01-09T09:50:31.785Z",
    "dateUpdated": "2025-11-03T20:43:19.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56767 (GCVE-0-2024-56767)

Vulnerability from cvelistv5 – Published: 2025-01-06 16:20 – Updated: 2025-11-03 20:54

Title

dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3d229600c54e9e090…
	https://git.kernel.org/stable/c/ed1a8aaa344522c0c…
	https://git.kernel.org/stable/c/8d364597de9ce2a5f…
	https://git.kernel.org/stable/c/fdba6d5e455388377…
	https://git.kernel.org/stable/c/e658f1c133b854b2a…
	https://git.kernel.org/stable/c/54376d8d26596f98e…
	https://git.kernel.org/stable/c/c43ec96e8d34399bd…

Impacted products

Vendor

Product

Version

Linux

Affected: b206d9a23ac71cb905f5fb6e0cd813406f89b678 , < 3d229600c54e9e0909080ecaf1aab0642aefa5f0 (git)
Affected: b206d9a23ac71cb905f5fb6e0cd813406f89b678 , < ed1a8aaa344522c0c349ac9042db27ad130ef913 (git)
Affected: b206d9a23ac71cb905f5fb6e0cd813406f89b678 , < 8d364597de9ce2a5f52714224bfe6c2e7a29b303 (git)
Affected: b206d9a23ac71cb905f5fb6e0cd813406f89b678 , < fdba6d5e455388377ec7e82a5913ddfcc7edd93b (git)
Affected: b206d9a23ac71cb905f5fb6e0cd813406f89b678 , < e658f1c133b854b2ae799147301d82dddb8f3162 (git)
Affected: b206d9a23ac71cb905f5fb6e0cd813406f89b678 , < 54376d8d26596f98ed7432a788314bb9154bf3e3 (git)
Affected: b206d9a23ac71cb905f5fb6e0cd813406f89b678 , < c43ec96e8d34399bd9dab2f2dc316b904892133f (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.123 , ≤ 6.1.* (semver)
Unaffected: 6.6.69 , ≤ 6.6.* (semver)
Unaffected: 6.12.8 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:02.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/at_xdmac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d229600c54e9e0909080ecaf1aab0642aefa5f0",
              "status": "affected",
              "version": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
              "versionType": "git"
            },
            {
              "lessThan": "ed1a8aaa344522c0c349ac9042db27ad130ef913",
              "status": "affected",
              "version": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
              "versionType": "git"
            },
            {
              "lessThan": "8d364597de9ce2a5f52714224bfe6c2e7a29b303",
              "status": "affected",
              "version": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
              "versionType": "git"
            },
            {
              "lessThan": "fdba6d5e455388377ec7e82a5913ddfcc7edd93b",
              "status": "affected",
              "version": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
              "versionType": "git"
            },
            {
              "lessThan": "e658f1c133b854b2ae799147301d82dddb8f3162",
              "status": "affected",
              "version": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
              "versionType": "git"
            },
            {
              "lessThan": "54376d8d26596f98ed7432a788314bb9154bf3e3",
              "status": "affected",
              "version": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
              "versionType": "git"
            },
            {
              "lessThan": "c43ec96e8d34399bd9dab2f2dc316b904892133f",
              "status": "affected",
              "version": "b206d9a23ac71cb905f5fb6e0cd813406f89b678",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/at_xdmac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.123",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.69",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.123",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.69",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.8",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset\n\nThe at_xdmac_memset_create_desc may return NULL, which will lead to a\nnull pointer dereference. For example, the len input is error, or the\natchan-\u003efree_descs_list is empty and memory is exhausted. Therefore, add\ncheck to avoid this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:04:14.823Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d229600c54e9e0909080ecaf1aab0642aefa5f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed1a8aaa344522c0c349ac9042db27ad130ef913"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d364597de9ce2a5f52714224bfe6c2e7a29b303"
        },
        {
          "url": "https://git.kernel.org/stable/c/fdba6d5e455388377ec7e82a5913ddfcc7edd93b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e658f1c133b854b2ae799147301d82dddb8f3162"
        },
        {
          "url": "https://git.kernel.org/stable/c/54376d8d26596f98ed7432a788314bb9154bf3e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/c43ec96e8d34399bd9dab2f2dc316b904892133f"
        }
      ],
      "title": "dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56767",
    "datePublished": "2025-01-06T16:20:45.430Z",
    "dateReserved": "2024-12-29T11:26:39.762Z",
    "dateUpdated": "2025-11-03T20:54:02.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21697 (GCVE-0-2025-21697)

Vulnerability from cvelistv5 – Published: 2025-02-12 13:27 – Updated: 2025-11-03 20:59

Title

drm/v3d: Ensure job pointer is set to NULL after job completion

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL. Failing to do so triggers a warning when unloading the driver, as it appears the job is still active. To prevent this, assign the job pointer to NULL after completing the job, indicating the job has finished.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1bd6303d08c85072c…
	https://git.kernel.org/stable/c/a34050f70e7955a35…
	https://git.kernel.org/stable/c/14e0a874488e79086…
	https://git.kernel.org/stable/c/2a1c88f7ca5c12dff…
	https://git.kernel.org/stable/c/63195bae1cbf78f1d…
	https://git.kernel.org/stable/c/b22467b1ae104073d…
	https://git.kernel.org/stable/c/e4b5ccd392b92300a…

Impacted products

Vendor

Product

Version

Linux

Affected: 14d1d190869685d3a1e8a3f63924e20594557cb2 , < 1bd6303d08c85072ce40ac01a767ab67195105bd (git)
Affected: 14d1d190869685d3a1e8a3f63924e20594557cb2 , < a34050f70e7955a359874dff1a912a748724a140 (git)
Affected: 14d1d190869685d3a1e8a3f63924e20594557cb2 , < 14e0a874488e79086340ba8e2d238cb9596b68a8 (git)
Affected: 14d1d190869685d3a1e8a3f63924e20594557cb2 , < 2a1c88f7ca5c12dff6fa6787492ac910bb9e4407 (git)
Affected: 14d1d190869685d3a1e8a3f63924e20594557cb2 , < 63195bae1cbf78f1d392b1bc9ae4b03c82d0ebf3 (git)
Affected: 14d1d190869685d3a1e8a3f63924e20594557cb2 , < b22467b1ae104073dcb11aa78562a331cd7fb0e0 (git)
Affected: 14d1d190869685d3a1e8a3f63924e20594557cb2 , < e4b5ccd392b92300a2b341705cc4805681094e49 (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.12.11 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:51:11.490682Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:09.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:59:20.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/v3d/v3d_irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1bd6303d08c85072ce40ac01a767ab67195105bd",
              "status": "affected",
              "version": "14d1d190869685d3a1e8a3f63924e20594557cb2",
              "versionType": "git"
            },
            {
              "lessThan": "a34050f70e7955a359874dff1a912a748724a140",
              "status": "affected",
              "version": "14d1d190869685d3a1e8a3f63924e20594557cb2",
              "versionType": "git"
            },
            {
              "lessThan": "14e0a874488e79086340ba8e2d238cb9596b68a8",
              "status": "affected",
              "version": "14d1d190869685d3a1e8a3f63924e20594557cb2",
              "versionType": "git"
            },
            {
              "lessThan": "2a1c88f7ca5c12dff6fa6787492ac910bb9e4407",
              "status": "affected",
              "version": "14d1d190869685d3a1e8a3f63924e20594557cb2",
              "versionType": "git"
            },
            {
              "lessThan": "63195bae1cbf78f1d392b1bc9ae4b03c82d0ebf3",
              "status": "affected",
              "version": "14d1d190869685d3a1e8a3f63924e20594557cb2",
              "versionType": "git"
            },
            {
              "lessThan": "b22467b1ae104073dcb11aa78562a331cd7fb0e0",
              "status": "affected",
              "version": "14d1d190869685d3a1e8a3f63924e20594557cb2",
              "versionType": "git"
            },
            {
              "lessThan": "e4b5ccd392b92300a2b341705cc4805681094e49",
              "status": "affected",
              "version": "14d1d190869685d3a1e8a3f63924e20594557cb2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/v3d/v3d_irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.11",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:19:14.739Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1bd6303d08c85072ce40ac01a767ab67195105bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/a34050f70e7955a359874dff1a912a748724a140"
        },
        {
          "url": "https://git.kernel.org/stable/c/14e0a874488e79086340ba8e2d238cb9596b68a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a1c88f7ca5c12dff6fa6787492ac910bb9e4407"
        },
        {
          "url": "https://git.kernel.org/stable/c/63195bae1cbf78f1d392b1bc9ae4b03c82d0ebf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b22467b1ae104073dcb11aa78562a331cd7fb0e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4b5ccd392b92300a2b341705cc4805681094e49"
        }
      ],
      "title": "drm/v3d: Ensure job pointer is set to NULL after job completion",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21697",
    "datePublished": "2025-02-12T13:27:55.488Z",
    "dateReserved": "2024-12-29T08:45:45.748Z",
    "dateUpdated": "2025-11-03T20:59:20.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53122 (GCVE-0-2024-53122)

Vulnerability from cvelistv5 – Published: 2024-12-02 13:44 – Updated: 2025-11-03 22:29

Title

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0a9a182ea5c7bb037…
	https://git.kernel.org/stable/c/24995851d58c4a205…
	https://git.kernel.org/stable/c/ff825ab2f455299c0…
	https://git.kernel.org/stable/c/aad6412c63baa39dd…
	https://git.kernel.org/stable/c/ce7356ae35943cc64…

Impacted products

Vendor

Product

Version

Linux

Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < 0a9a182ea5c7bb0374e527130fd85024ace7279b (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < 24995851d58c4a205ad0ffa7b2f21e479a9c8527 (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < ff825ab2f455299c0c7287550915a8878e2a66e0 (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < aad6412c63baa39dd813e81f16a14d976b3de2e8 (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < ce7356ae35943cc6494cc692e62d51a734062b7d (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:28.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0a9a182ea5c7bb0374e527130fd85024ace7279b",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "24995851d58c4a205ad0ffa7b2f21e479a9c8527",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "ff825ab2f455299c0c7287550915a8878e2a66e0",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "aad6412c63baa39dd813e81f16a14d976b3de2e8",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "ce7356ae35943cc6494cc692e62d51a734062b7d",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:34.823Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b"
        },
        {
          "url": "https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d"
        }
      ],
      "title": "mptcp: cope racing subflow creation in mptcp_rcv_space_adjust",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53122",
    "datePublished": "2024-12-02T13:44:52.678Z",
    "dateReserved": "2024-11-19T17:17:24.994Z",
    "dateUpdated": "2025-11-03T22:29:28.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53124 (GCVE-0-2024-53124)

Vulnerability from cvelistv5 – Published: 2024-12-02 13:44 – Updated: 2025-11-03 20:46

Title

net: fix data-races around sk->sk_forward_alloc

Summary

In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x1c5/0x1e0 __sk_destruct+0x2a/0x200 rcu_do_batch+0x1aa/0x530 ? rcu_do_batch+0x13b/0x530 rcu_core+0x159/0x2f0 handle_softirqs+0xd3/0x2b0 ? __pfx_smpboot_thread_fn+0x10/0x10 run_ksoftirqd+0x25/0x30 smpboot_thread_fn+0xdd/0x1d0 kthread+0xd3/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- Its possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add() concurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked, which triggers a data-race around sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // set local var reclaimable __sk_mem_reclaim sk_forward_alloc_add() In this syzkaller testcase, two threads call tcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like this: (cpu 1) | (cpu 2) | sk_forward_alloc ... | ... | 0 __sk_mem_schedule() | | +4096 = 4096 | __sk_mem_schedule() | +4096 = 8192 sk_mem_charge() | | -768 = 7424 | sk_mem_charge() | -768 = 6656 ... | ... | sk_mem_uncharge() | | +768 = 7424 reclaimable=7424 | | | sk_mem_uncharge() | +768 = 8192 | reclaimable=8192 | __sk_mem_reclaim() | | -4096 = 4096 | __sk_mem_reclaim() | -8192 = -4096 != 0 The skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when sk->sk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock(). Fix the same issue in dccp_v6_do_rcv().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/695fb0b9aecfd5dd5…
	https://git.kernel.org/stable/c/fe2c0bd6d1e29ccef…
	https://git.kernel.org/stable/c/c3d052cae566ec228…
	https://git.kernel.org/stable/c/be7c61ea5f816168c…
	https://git.kernel.org/stable/c/3f51f8c9d28954cf3…
	https://git.kernel.org/stable/c/d285eb9d0641c8344…
	https://git.kernel.org/stable/c/073d89808c065ac4c…

Impacted products

Vendor

Product

Version

Linux

Affected: e994b2f0fb9229aeff5eea9541320bd7b2ca8714 , < 695fb0b9aecfd5dd5b2946ba8897ac2c1eef654d (git)
Affected: e994b2f0fb9229aeff5eea9541320bd7b2ca8714 , < fe2c0bd6d1e29ccefdc978b9a290571c93c27473 (git)
Affected: e994b2f0fb9229aeff5eea9541320bd7b2ca8714 , < c3d052cae566ec2285f5999958a5deb415a0f59e (git)
Affected: e994b2f0fb9229aeff5eea9541320bd7b2ca8714 , < be7c61ea5f816168c38955eb4e898adc8b4b32fd (git)
Affected: e994b2f0fb9229aeff5eea9541320bd7b2ca8714 , < 3f51f8c9d28954cf380100883a02eed35a8277e9 (git)
Affected: e994b2f0fb9229aeff5eea9541320bd7b2ca8714 , < d285eb9d0641c8344f2836081b4ccb7b3c5cc1b6 (git)
Affected: e994b2f0fb9229aeff5eea9541320bd7b2ca8714 , < 073d89808c065ac4c672c0a613a71b27a80691cb (git)

Linux

Affected: 4.4
Unaffected: 0 , < 4.4 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:04.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/dccp/ipv6.c",
            "net/ipv6/tcp_ipv6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "695fb0b9aecfd5dd5b2946ba8897ac2c1eef654d",
              "status": "affected",
              "version": "e994b2f0fb9229aeff5eea9541320bd7b2ca8714",
              "versionType": "git"
            },
            {
              "lessThan": "fe2c0bd6d1e29ccefdc978b9a290571c93c27473",
              "status": "affected",
              "version": "e994b2f0fb9229aeff5eea9541320bd7b2ca8714",
              "versionType": "git"
            },
            {
              "lessThan": "c3d052cae566ec2285f5999958a5deb415a0f59e",
              "status": "affected",
              "version": "e994b2f0fb9229aeff5eea9541320bd7b2ca8714",
              "versionType": "git"
            },
            {
              "lessThan": "be7c61ea5f816168c38955eb4e898adc8b4b32fd",
              "status": "affected",
              "version": "e994b2f0fb9229aeff5eea9541320bd7b2ca8714",
              "versionType": "git"
            },
            {
              "lessThan": "3f51f8c9d28954cf380100883a02eed35a8277e9",
              "status": "affected",
              "version": "e994b2f0fb9229aeff5eea9541320bd7b2ca8714",
              "versionType": "git"
            },
            {
              "lessThan": "d285eb9d0641c8344f2836081b4ccb7b3c5cc1b6",
              "status": "affected",
              "version": "e994b2f0fb9229aeff5eea9541320bd7b2ca8714",
              "versionType": "git"
            },
            {
              "lessThan": "073d89808c065ac4c672c0a613a71b27a80691cb",
              "status": "affected",
              "version": "e994b2f0fb9229aeff5eea9541320bd7b2ca8714",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/dccp/ipv6.c",
            "net/ipv6/tcp_ipv6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "lessThan": "4.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cTASK\u003e\n  ? __warn+0x88/0x130\n  ? inet_sock_destruct+0x1c5/0x1e0\n  ? report_bug+0x18e/0x1a0\n  ? handle_bug+0x53/0x90\n  ? exc_invalid_op+0x18/0x70\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? inet_sock_destruct+0x1c5/0x1e0\n  __sk_destruct+0x2a/0x200\n  rcu_do_batch+0x1aa/0x530\n  ? rcu_do_batch+0x13b/0x530\n  rcu_core+0x159/0x2f0\n  handle_softirqs+0xd3/0x2b0\n  ? __pfx_smpboot_thread_fn+0x10/0x10\n  run_ksoftirqd+0x25/0x30\n  smpboot_thread_fn+0xdd/0x1d0\n  kthread+0xd3/0x100\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x34/0x50\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n    tcp_v6_do_rcv\n        skb_clone_and_charge_r\n            sk_rmem_schedule\n                __sk_mem_schedule\n                    sk_forward_alloc_add()\n            skb_set_owner_r\n                sk_mem_charge\n                    sk_forward_alloc_add()\n        __kfree_skb\n            skb_release_all\n                skb_release_head_state\n                    sock_rfree\n                        sk_mem_uncharge\n                            sk_forward_alloc_add()\n                            sk_mem_reclaim\n                                // set local var reclaimable\n                                __sk_mem_reclaim\n                                    sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1)             | (cpu 2)             | sk_forward_alloc\n ...                 | ...                 | 0\n __sk_mem_schedule() |                     | +4096 = 4096\n                     | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge()     |                     | -768  = 7424\n                     | sk_mem_charge()     | -768  = 6656\n ...                 |    ...              |\n sk_mem_uncharge()   |                     | +768  = 7424\n reclaimable=7424    |                     |\n                     | sk_mem_uncharge()   | +768  = 8192\n                     | reclaimable=8192    |\n __sk_mem_reclaim()  |                     | -4096 = 4096\n                     | __sk_mem_reclaim()  | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:37.771Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/695fb0b9aecfd5dd5b2946ba8897ac2c1eef654d"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe2c0bd6d1e29ccefdc978b9a290571c93c27473"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3d052cae566ec2285f5999958a5deb415a0f59e"
        },
        {
          "url": "https://git.kernel.org/stable/c/be7c61ea5f816168c38955eb4e898adc8b4b32fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f51f8c9d28954cf380100883a02eed35a8277e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/d285eb9d0641c8344f2836081b4ccb7b3c5cc1b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/073d89808c065ac4c672c0a613a71b27a80691cb"
        }
      ],
      "title": "net: fix data-races around sk-\u003esk_forward_alloc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53124",
    "datePublished": "2024-12-02T13:44:54.257Z",
    "dateReserved": "2024-11-19T17:17:24.995Z",
    "dateUpdated": "2025-11-03T20:46:04.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57931 (GCVE-0-2024-57931)

Vulnerability from cvelistv5 – Published: 2025-01-21 12:01 – Updated: 2025-11-03 20:56

Title

selinux: ignore unknown extended permissions

Summary

In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f45a77dd24ae9ddb4…
	https://git.kernel.org/stable/c/712137b177b45f255…
	https://git.kernel.org/stable/c/f70e4b9ec69d9a74b…
	https://git.kernel.org/stable/c/c79324d42fa48372e…
	https://git.kernel.org/stable/c/c1dbd28a079553de0…
	https://git.kernel.org/stable/c/efefe36c03a73bb81…
	https://git.kernel.org/stable/c/900f83cf376bdaf79…

Impacted products

Vendor

Product

Version

Linux

Affected: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a , < f45a77dd24ae9ddb474303ec3975c376bd99fc51 (git)
Affected: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a , < 712137b177b45f255ce5687e679d950fcb218256 (git)
Affected: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a , < f70e4b9ec69d9a74b84c17767a9a4eda8c901021 (git)
Affected: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a , < c79324d42fa48372e0acb306a2761cc642bd4db0 (git)
Affected: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a , < c1dbd28a079553de0023e1c938c713efeeee400f (git)
Affected: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a , < efefe36c03a73bb81c0720ce397659a5051b73fa (git)
Affected: fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a , < 900f83cf376bdaf798b6f5dcb2eae0c822e908b6 (git)

Linux

Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:56:02.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/selinux/ss/services.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f45a77dd24ae9ddb474303ec3975c376bd99fc51",
              "status": "affected",
              "version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
              "versionType": "git"
            },
            {
              "lessThan": "712137b177b45f255ce5687e679d950fcb218256",
              "status": "affected",
              "version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
              "versionType": "git"
            },
            {
              "lessThan": "f70e4b9ec69d9a74b84c17767a9a4eda8c901021",
              "status": "affected",
              "version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
              "versionType": "git"
            },
            {
              "lessThan": "c79324d42fa48372e0acb306a2761cc642bd4db0",
              "status": "affected",
              "version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
              "versionType": "git"
            },
            {
              "lessThan": "c1dbd28a079553de0023e1c938c713efeeee400f",
              "status": "affected",
              "version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
              "versionType": "git"
            },
            {
              "lessThan": "efefe36c03a73bb81c0720ce397659a5051b73fa",
              "status": "affected",
              "version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
              "versionType": "git"
            },
            {
              "lessThan": "900f83cf376bdaf798b6f5dcb2eae0c822e908b6",
              "status": "affected",
              "version": "fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/selinux/ss/services.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: ignore unknown extended permissions\n\nWhen evaluating extended permissions, ignore unknown permissions instead\nof calling BUG(). This commit ensures that future permissions can be\nadded without interfering with older kernels."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:54.999Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f45a77dd24ae9ddb474303ec3975c376bd99fc51"
        },
        {
          "url": "https://git.kernel.org/stable/c/712137b177b45f255ce5687e679d950fcb218256"
        },
        {
          "url": "https://git.kernel.org/stable/c/f70e4b9ec69d9a74b84c17767a9a4eda8c901021"
        },
        {
          "url": "https://git.kernel.org/stable/c/c79324d42fa48372e0acb306a2761cc642bd4db0"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1dbd28a079553de0023e1c938c713efeeee400f"
        },
        {
          "url": "https://git.kernel.org/stable/c/efefe36c03a73bb81c0720ce397659a5051b73fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/900f83cf376bdaf798b6f5dcb2eae0c822e908b6"
        }
      ],
      "title": "selinux: ignore unknown extended permissions",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57931",
    "datePublished": "2025-01-21T12:01:28.539Z",
    "dateReserved": "2025-01-19T11:50:08.377Z",
    "dateUpdated": "2025-11-03T20:56:02.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53172 (GCVE-0-2024-53172)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2025-11-03 20:47

Title

ubi: fastmap: Fix duplicate slab cache names while attaching

Summary

In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. In UBI fast attaching process, alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', which will trigger following warning messages: kmem_cache of name 'ubi_aeb_slab_cache' already exists WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107 __kmem_cache_create_args+0x100/0x5f0 Modules linked in: ubi(+) nandsim [last unloaded: nandsim] CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2 RIP: 0010:__kmem_cache_create_args+0x100/0x5f0 Call Trace: __kmem_cache_create_args+0x100/0x5f0 alloc_ai+0x295/0x3f0 [ubi] ubi_attach+0x3c3/0xcc0 [ubi] ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi] ubi_init+0x3fb/0x800 [ubi] do_init_module+0x265/0x7d0 __x64_sys_finit_module+0x7a/0xc0 The problem could be easily reproduced by loading UBI device by fastmap with CONFIG_DEBUG_VM=y. Fix it by using different slab names for alloc_ai() callers.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ef52b7191ac41e68b…
	https://git.kernel.org/stable/c/871c148f8e0c32e50…
	https://git.kernel.org/stable/c/04c0b0f3761709947…
	https://git.kernel.org/stable/c/b1ee0aa4945c49cbb…
	https://git.kernel.org/stable/c/6afdcb285794e75d2…
	https://git.kernel.org/stable/c/612824dd0c9465ef3…
	https://git.kernel.org/stable/c/3d8558135cd56a2a8…
	https://git.kernel.org/stable/c/7402c4bcb8a3f0d2e…
	https://git.kernel.org/stable/c/bcddf52b7a17adceb…

Impacted products

Vendor

Product

Version

Linux

Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < ef52b7191ac41e68b1bf070d00c5b04ed16e4920 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 871c148f8e0c32e505df9393ba4a303c3c3fe988 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 04c0b0f37617099479c34e207c5550d081f585a6 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < b1ee0aa4945c49cbbd779da81040fcec4de80fd1 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 6afdcb285794e75d2c8995e3a44f523c176cc2de (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 612824dd0c9465ef365ace38b056c663d110956d (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 3d8558135cd56a2a8052024be4073e160f36658c (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < 7402c4bcb8a3f0d2ef4e687cd45c76be489cf509 (git)
Affected: d2158f69a7d469c21c37f7028c18aa8c54707de3 , < bcddf52b7a17adcebc768d26f4e27cf79adb424c (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:04.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/ubi/attach.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ef52b7191ac41e68b1bf070d00c5b04ed16e4920",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "871c148f8e0c32e505df9393ba4a303c3c3fe988",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "04c0b0f37617099479c34e207c5550d081f585a6",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "b1ee0aa4945c49cbbd779da81040fcec4de80fd1",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "6afdcb285794e75d2c8995e3a44f523c176cc2de",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "612824dd0c9465ef365ace38b056c663d110956d",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "3d8558135cd56a2a8052024be4073e160f36658c",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "7402c4bcb8a3f0d2ef4e687cd45c76be489cf509",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            },
            {
              "lessThan": "bcddf52b7a17adcebc768d26f4e27cf79adb424c",
              "status": "affected",
              "version": "d2158f69a7d469c21c37f7028c18aa8c54707de3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/ubi/attach.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: fastmap: Fix duplicate slab cache names while attaching\n\nSince commit 4c39529663b9 (\"slab: Warn on duplicate cache names when\nDEBUG_VM=y\"), the duplicate slab cache names can be detected and a\nkernel WARNING is thrown out.\nIn UBI fast attaching process, alloc_ai() could be invoked twice\nwith the same slab cache name \u0027ubi_aeb_slab_cache\u0027, which will trigger\nfollowing warning messages:\n kmem_cache of name \u0027ubi_aeb_slab_cache\u0027 already exists\n WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107\n          __kmem_cache_create_args+0x100/0x5f0\n Modules linked in: ubi(+) nandsim [last unloaded: nandsim]\n CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2\n RIP: 0010:__kmem_cache_create_args+0x100/0x5f0\n Call Trace:\n   __kmem_cache_create_args+0x100/0x5f0\n   alloc_ai+0x295/0x3f0 [ubi]\n   ubi_attach+0x3c3/0xcc0 [ubi]\n   ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi]\n   ubi_init+0x3fb/0x800 [ubi]\n   do_init_module+0x265/0x7d0\n   __x64_sys_finit_module+0x7a/0xc0\n\nThe problem could be easily reproduced by loading UBI device by fastmap\nwith CONFIG_DEBUG_VM=y.\nFix it by using different slab names for alloc_ai() callers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:51.996Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ef52b7191ac41e68b1bf070d00c5b04ed16e4920"
        },
        {
          "url": "https://git.kernel.org/stable/c/871c148f8e0c32e505df9393ba4a303c3c3fe988"
        },
        {
          "url": "https://git.kernel.org/stable/c/04c0b0f37617099479c34e207c5550d081f585a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1ee0aa4945c49cbbd779da81040fcec4de80fd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6afdcb285794e75d2c8995e3a44f523c176cc2de"
        },
        {
          "url": "https://git.kernel.org/stable/c/612824dd0c9465ef365ace38b056c663d110956d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d8558135cd56a2a8052024be4073e160f36658c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7402c4bcb8a3f0d2ef4e687cd45c76be489cf509"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcddf52b7a17adcebc768d26f4e27cf79adb424c"
        }
      ],
      "title": "ubi: fastmap: Fix duplicate slab cache names while attaching",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53172",
    "datePublished": "2024-12-27T13:49:17.267Z",
    "dateReserved": "2024-11-19T17:17:25.006Z",
    "dateUpdated": "2025-11-03T20:47:04.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49571 (GCVE-0-2024-49571)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:35 – Updated: 2025-11-03 20:41

Title

net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg

Summary

In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field iparea_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks iparea_offset and ipv6_prefixes_cnt before using them.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/846bada23bfcdeb83…
	https://git.kernel.org/stable/c/f10635268a0a49ee9…
	https://git.kernel.org/stable/c/62056d1592e63d85e…
	https://git.kernel.org/stable/c/91a7c27c1444ed467…
	https://git.kernel.org/stable/c/47ce46349672a7e0c…
	https://git.kernel.org/stable/c/a29e220d3c8edbf0e…

Impacted products

Vendor

Product

Version

Linux

Affected: e7b7a64a8493d47433fd003efbe6543e3f676294 , < 846bada23bfcdeb83621b045ed85dc06c7833ff0 (git)
Affected: e7b7a64a8493d47433fd003efbe6543e3f676294 , < f10635268a0a49ee902a3b63b5dbb76f4fed498e (git)
Affected: e7b7a64a8493d47433fd003efbe6543e3f676294 , < 62056d1592e63d85e82357ee2ae6a6a294f440b0 (git)
Affected: e7b7a64a8493d47433fd003efbe6543e3f676294 , < 91a7c27c1444ed4677b83fd5308d2cf03f5f0851 (git)
Affected: e7b7a64a8493d47433fd003efbe6543e3f676294 , < 47ce46349672a7e0c361bfe39ed0b22e824ef4fb (git)
Affected: e7b7a64a8493d47433fd003efbe6543e3f676294 , < a29e220d3c8edbf0e1beb0f028878a4a85966556 (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.122 , ≤ 6.1.* (semver)
Unaffected: 6.6.68 , ≤ 6.6.* (semver)
Unaffected: 6.12.7 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:41:09.035Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/smc/af_smc.c",
            "net/smc/smc_clc.c",
            "net/smc/smc_clc.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "846bada23bfcdeb83621b045ed85dc06c7833ff0",
              "status": "affected",
              "version": "e7b7a64a8493d47433fd003efbe6543e3f676294",
              "versionType": "git"
            },
            {
              "lessThan": "f10635268a0a49ee902a3b63b5dbb76f4fed498e",
              "status": "affected",
              "version": "e7b7a64a8493d47433fd003efbe6543e3f676294",
              "versionType": "git"
            },
            {
              "lessThan": "62056d1592e63d85e82357ee2ae6a6a294f440b0",
              "status": "affected",
              "version": "e7b7a64a8493d47433fd003efbe6543e3f676294",
              "versionType": "git"
            },
            {
              "lessThan": "91a7c27c1444ed4677b83fd5308d2cf03f5f0851",
              "status": "affected",
              "version": "e7b7a64a8493d47433fd003efbe6543e3f676294",
              "versionType": "git"
            },
            {
              "lessThan": "47ce46349672a7e0c361bfe39ed0b22e824ef4fb",
              "status": "affected",
              "version": "e7b7a64a8493d47433fd003efbe6543e3f676294",
              "versionType": "git"
            },
            {
              "lessThan": "a29e220d3c8edbf0e1beb0f028878a4a85966556",
              "status": "affected",
              "version": "e7b7a64a8493d47433fd003efbe6543e3f676294",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/smc/af_smc.c",
            "net/smc/smc_clc.c",
            "net/smc/smc_clc.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.122",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.68",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:39:27.664Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/846bada23bfcdeb83621b045ed85dc06c7833ff0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f10635268a0a49ee902a3b63b5dbb76f4fed498e"
        },
        {
          "url": "https://git.kernel.org/stable/c/62056d1592e63d85e82357ee2ae6a6a294f440b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/91a7c27c1444ed4677b83fd5308d2cf03f5f0851"
        },
        {
          "url": "https://git.kernel.org/stable/c/47ce46349672a7e0c361bfe39ed0b22e824ef4fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/a29e220d3c8edbf0e1beb0f028878a4a85966556"
        }
      ],
      "title": "net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49571",
    "datePublished": "2025-01-11T12:35:36.957Z",
    "dateReserved": "2025-01-11T12:33:33.704Z",
    "dateUpdated": "2025-11-03T20:41:09.035Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53112 (GCVE-0-2024-53112)

Vulnerability from cvelistv5 – Published: 2024-12-02 13:44 – Updated: 2025-11-03 22:29

Title

ocfs2: uncache inode which has failed entering the group

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with 'ocfs2_remove_from_cache()' on error path in 'ocfs2_group_add()'.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ac0cfe8ac35cf1be5…
	https://git.kernel.org/stable/c/5ae8cc0b0c027e9ca…
	https://git.kernel.org/stable/c/28d4ed71ae0b4baed…
	https://git.kernel.org/stable/c/0e04746db2ec4aec0…
	https://git.kernel.org/stable/c/620d22598110b0d0c…
	https://git.kernel.org/stable/c/843dfc804af4b338e…
	https://git.kernel.org/stable/c/b751c50e19d66cfb7…
	https://git.kernel.org/stable/c/737f34137844d6572…

Impacted products

Vendor

Product

Version

Linux

Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < ac0cfe8ac35cf1be54131b90d114087b558777ca (git)
Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < 5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4 (git)
Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < 28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6 (git)
Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < 0e04746db2ec4aec04cef5763b9d9aa32829ae2f (git)
Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < 620d22598110b0d0cb97a3fcca65fc473ea86e73 (git)
Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < 843dfc804af4b338ead42331dd58081b428ecdf8 (git)
Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < b751c50e19d66cfb7360c0b55cf17b0722252d12 (git)
Affected: 7909f2bf835376a20d6dbf853eb459a27566eba2 , < 737f34137844d6572ab7d473c998c7f977ff30eb (git)

Linux

Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:21.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/resize.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ac0cfe8ac35cf1be54131b90d114087b558777ca",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            },
            {
              "lessThan": "5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            },
            {
              "lessThan": "28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            },
            {
              "lessThan": "0e04746db2ec4aec04cef5763b9d9aa32829ae2f",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            },
            {
              "lessThan": "620d22598110b0d0cb97a3fcca65fc473ea86e73",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            },
            {
              "lessThan": "843dfc804af4b338ead42331dd58081b428ecdf8",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            },
            {
              "lessThan": "b751c50e19d66cfb7360c0b55cf17b0722252d12",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            },
            {
              "lessThan": "737f34137844d6572ab7d473c998c7f977ff30eb",
              "status": "affected",
              "version": "7909f2bf835376a20d6dbf853eb459a27566eba2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/resize.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nWhen \u0027ioctl(OCFS2_IOC_GROUP_ADD, ...)\u0027 has failed for the particular\ninode in \u0027ocfs2_verify_group_and_input()\u0027, corresponding buffer head\nremains cached and subsequent call to the same \u0027ioctl()\u0027 for the same\ninode issues the BUG() in \u0027ocfs2_set_new_buffer_uptodate()\u0027 (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with \u0027ocfs2_remove_from_cache()\u0027 on error path in\n\u0027ocfs2_group_add()\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:18.908Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4"
        },
        {
          "url": "https://git.kernel.org/stable/c/28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e04746db2ec4aec04cef5763b9d9aa32829ae2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73"
        },
        {
          "url": "https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12"
        },
        {
          "url": "https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb"
        }
      ],
      "title": "ocfs2: uncache inode which has failed entering the group",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53112",
    "datePublished": "2024-12-02T13:44:44.387Z",
    "dateReserved": "2024-11-19T17:17:24.993Z",
    "dateUpdated": "2025-11-03T22:29:21.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56532 (GCVE-0-2024-56532)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:11 – Updated: 2025-11-03 20:49

Title

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close. The loop of us122l->mmap_count check is dropped as well. The check is useless for the asynchronous operation with *_when_closed().

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/020cbc4d7414f0962…
	https://git.kernel.org/stable/c/75f418b249d840218…
	https://git.kernel.org/stable/c/bf0aa35a7cb8602cc…
	https://git.kernel.org/stable/c/9a48bd2184b142c92…
	https://git.kernel.org/stable/c/bc778ad3e495333ee…
	https://git.kernel.org/stable/c/2938dd26485223361…
	https://git.kernel.org/stable/c/9b27924dc8d7f8a8c…
	https://git.kernel.org/stable/c/9d5c530e4d70f64b1…
	https://git.kernel.org/stable/c/b7df09bb348016943…

Impacted products

Vendor

Product

Version

Linux

Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < 020cbc4d7414f0962004213e2b7bc5cc607e9ec7 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < 75f418b249d84021865eaa59515d3ed9b75ce4d6 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < bf0aa35a7cb8602cccf2387712114e836f65c154 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < 9a48bd2184b142c92a4e17eac074c61fcf975bc9 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < bc778ad3e495333eebda36fe91d5b2c93109cc16 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < 2938dd2648522336133c151dd67bb9bf01cbd390 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < 9b27924dc8d7f8a8c35e521287d4ccb9a006e597 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < 9d5c530e4d70f64b1114f2cc29ac690ba7ac4a38 (git)
Affected: 030a07e441296c372f946cd4065b5d831d8dc40c , < b7df09bb348016943f56b09dcaafe221e3f73947 (git)

Linux

Affected: 2.6.28
Unaffected: 0 , < 2.6.28 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56532",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:02:49.135886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:17.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:13.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/usx2y/us122l.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "020cbc4d7414f0962004213e2b7bc5cc607e9ec7",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "75f418b249d84021865eaa59515d3ed9b75ce4d6",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "bf0aa35a7cb8602cccf2387712114e836f65c154",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "9a48bd2184b142c92a4e17eac074c61fcf975bc9",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "bc778ad3e495333eebda36fe91d5b2c93109cc16",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "2938dd2648522336133c151dd67bb9bf01cbd390",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "9b27924dc8d7f8a8c35e521287d4ccb9a006e597",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "9d5c530e4d70f64b1114f2cc29ac690ba7ac4a38",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            },
            {
              "lessThan": "b7df09bb348016943f56b09dcaafe221e3f73947",
              "status": "affected",
              "version": "030a07e441296c372f946cd4065b5d831d8dc40c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/usx2y/us122l.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.28"
            },
            {
              "lessThan": "2.6.28",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.28",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: us122l: Use snd_card_free_when_closed() at disconnection\n\nThe USB disconnect callback is supposed to be short and not too-long\nwaiting.  OTOH, the current code uses snd_card_free() at\ndisconnection, but this waits for the close of all used fds, hence it\ncan take long.  It eventually blocks the upper layer USB ioctls, which\nmay trigger a soft lockup.\n\nAn easy workaround is to replace snd_card_free() with\nsnd_card_free_when_closed().  This variant returns immediately while\nthe release of resources is done asynchronously by the card device\nrelease at the last close.\n\nThe loop of us122l-\u003emmap_count check is dropped as well.  The check is\nuseless for the asynchronous operation with *_when_closed()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:27.794Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/020cbc4d7414f0962004213e2b7bc5cc607e9ec7"
        },
        {
          "url": "https://git.kernel.org/stable/c/75f418b249d84021865eaa59515d3ed9b75ce4d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf0aa35a7cb8602cccf2387712114e836f65c154"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a48bd2184b142c92a4e17eac074c61fcf975bc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc778ad3e495333eebda36fe91d5b2c93109cc16"
        },
        {
          "url": "https://git.kernel.org/stable/c/2938dd2648522336133c151dd67bb9bf01cbd390"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b27924dc8d7f8a8c35e521287d4ccb9a006e597"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d5c530e4d70f64b1114f2cc29ac690ba7ac4a38"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7df09bb348016943f56b09dcaafe221e3f73947"
        }
      ],
      "title": "ALSA: us122l: Use snd_card_free_when_closed() at disconnection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56532",
    "datePublished": "2024-12-27T14:11:15.266Z",
    "dateReserved": "2024-12-27T14:03:05.984Z",
    "dateUpdated": "2025-11-03T20:49:13.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57904 (GCVE-0-2024-57904)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

iio: adc: at91: call input_free_device() on allocated iio_dev

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b549c90bfe66f7048…
	https://git.kernel.org/stable/c/ac8d932e3214c10ec…
	https://git.kernel.org/stable/c/028a1ba8e3bae593d…
	https://git.kernel.org/stable/c/25ef52f1c15db67d8…
	https://git.kernel.org/stable/c/09e067e3c83e0695d…
	https://git.kernel.org/stable/c/d115b7f3ddc03b38b…
	https://git.kernel.org/stable/c/de6a73bad1743e9e8…

Impacted products

Vendor

Product

Version

Linux

Affected: 84882b060301c35ab7e2c1ef355b0bd06b764195 , < b549c90bfe66f704878aa1e57b30ba15dab71935 (git)
Affected: 84882b060301c35ab7e2c1ef355b0bd06b764195 , < ac8d932e3214c10ec641ad45a253929a596ead62 (git)
Affected: 84882b060301c35ab7e2c1ef355b0bd06b764195 , < 028a1ba8e3bae593d701aee4f690ce7c195b67d6 (git)
Affected: 84882b060301c35ab7e2c1ef355b0bd06b764195 , < 25ef52f1c15db67d890b80203a911b9a57b0bf71 (git)
Affected: 84882b060301c35ab7e2c1ef355b0bd06b764195 , < 09e067e3c83e0695d338e8a26916e3c2bc44be02 (git)
Affected: 84882b060301c35ab7e2c1ef355b0bd06b764195 , < d115b7f3ddc03b38bb7e8754601556fe9b4fc034 (git)
Affected: 84882b060301c35ab7e2c1ef355b0bd06b764195 , < de6a73bad1743e9e81ea5a24c178c67429ff510b (git)

Linux

Affected: 3.16
Unaffected: 0 , < 3.16 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:27.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/adc/at91_adc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b549c90bfe66f704878aa1e57b30ba15dab71935",
              "status": "affected",
              "version": "84882b060301c35ab7e2c1ef355b0bd06b764195",
              "versionType": "git"
            },
            {
              "lessThan": "ac8d932e3214c10ec641ad45a253929a596ead62",
              "status": "affected",
              "version": "84882b060301c35ab7e2c1ef355b0bd06b764195",
              "versionType": "git"
            },
            {
              "lessThan": "028a1ba8e3bae593d701aee4f690ce7c195b67d6",
              "status": "affected",
              "version": "84882b060301c35ab7e2c1ef355b0bd06b764195",
              "versionType": "git"
            },
            {
              "lessThan": "25ef52f1c15db67d890b80203a911b9a57b0bf71",
              "status": "affected",
              "version": "84882b060301c35ab7e2c1ef355b0bd06b764195",
              "versionType": "git"
            },
            {
              "lessThan": "09e067e3c83e0695d338e8a26916e3c2bc44be02",
              "status": "affected",
              "version": "84882b060301c35ab7e2c1ef355b0bd06b764195",
              "versionType": "git"
            },
            {
              "lessThan": "d115b7f3ddc03b38bb7e8754601556fe9b4fc034",
              "status": "affected",
              "version": "84882b060301c35ab7e2c1ef355b0bd06b764195",
              "versionType": "git"
            },
            {
              "lessThan": "de6a73bad1743e9e81ea5a24c178c67429ff510b",
              "status": "affected",
              "version": "84882b060301c35ab7e2c1ef355b0bd06b764195",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/adc/at91_adc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "lessThan": "3.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91: call input_free_device() on allocated iio_dev\n\nCurrent implementation of at91_ts_register() calls input_free_deivce()\non st-\u003ets_input, however, the err label can be reached before the\nallocated iio_dev is stored to st-\u003ets_input. Thus call\ninput_free_device() on input instead of st-\u003ets_input."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:18.688Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b549c90bfe66f704878aa1e57b30ba15dab71935"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac8d932e3214c10ec641ad45a253929a596ead62"
        },
        {
          "url": "https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/25ef52f1c15db67d890b80203a911b9a57b0bf71"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e067e3c83e0695d338e8a26916e3c2bc44be02"
        },
        {
          "url": "https://git.kernel.org/stable/c/d115b7f3ddc03b38bb7e8754601556fe9b4fc034"
        },
        {
          "url": "https://git.kernel.org/stable/c/de6a73bad1743e9e81ea5a24c178c67429ff510b"
        }
      ],
      "title": "iio: adc: at91: call input_free_device() on allocated iio_dev",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57904",
    "datePublished": "2025-01-19T11:52:28.982Z",
    "dateReserved": "2025-01-19T11:50:08.372Z",
    "dateUpdated": "2025-11-03T20:55:27.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21683 (GCVE-0-2025-21683)

Vulnerability from cvelistv5 – Published: 2025-01-31 11:25 – Updated: 2025-11-03 20:59

Title

bpf: Fix bpf_sk_select_reuseport() memory leak

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF set before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb does not imply a non-refcounted socket. Drop sk's reference in both error paths. unreferenced object 0xffff888101911800 (size 2048): comm "test_progs", pid 44109, jiffies 4297131437 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 9336483b): __kmalloc_noprof+0x3bf/0x560 __reuseport_alloc+0x1d/0x40 reuseport_alloc+0xca/0x150 reuseport_attach_prog+0x87/0x140 sk_reuseport_attach_bpf+0xc8/0x100 sk_setsockopt+0x1181/0x1990 do_sock_setsockopt+0x12b/0x160 __sys_setsockopt+0x7b/0xc0 __x64_sys_setsockopt+0x1b/0x30 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bb36838dac7bb334a…
	https://git.kernel.org/stable/c/0ab52a8ca6e156a64…
	https://git.kernel.org/stable/c/d0a3b3d1176d39218…
	https://git.kernel.org/stable/c/b02e70be498b138e9…
	https://git.kernel.org/stable/c/cccd51dd22574216e…
	https://git.kernel.org/stable/c/b3af60928ab9129be…

Impacted products

Vendor

Product

Version

Linux

Affected: 64d85290d79c0677edb5a8ee2295b36c022fa5df , < bb36838dac7bb334a3f3d7eb29875593ec9473fc (git)
Affected: 64d85290d79c0677edb5a8ee2295b36c022fa5df , < 0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf (git)
Affected: 64d85290d79c0677edb5a8ee2295b36c022fa5df , < d0a3b3d1176d39218b8edb2a2d03164942ab9ccd (git)
Affected: 64d85290d79c0677edb5a8ee2295b36c022fa5df , < b02e70be498b138e9c21701c2f33f4018ca7cd5e (git)
Affected: 64d85290d79c0677edb5a8ee2295b36c022fa5df , < cccd51dd22574216e64e5d205489e634f86999f3 (git)
Affected: 64d85290d79c0677edb5a8ee2295b36c022fa5df , < b3af60928ab9129befa65e6df0310d27300942bf (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.12.11 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21683",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:51:47.465503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:11.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:59:02.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb36838dac7bb334a3f3d7eb29875593ec9473fc",
              "status": "affected",
              "version": "64d85290d79c0677edb5a8ee2295b36c022fa5df",
              "versionType": "git"
            },
            {
              "lessThan": "0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf",
              "status": "affected",
              "version": "64d85290d79c0677edb5a8ee2295b36c022fa5df",
              "versionType": "git"
            },
            {
              "lessThan": "d0a3b3d1176d39218b8edb2a2d03164942ab9ccd",
              "status": "affected",
              "version": "64d85290d79c0677edb5a8ee2295b36c022fa5df",
              "versionType": "git"
            },
            {
              "lessThan": "b02e70be498b138e9c21701c2f33f4018ca7cd5e",
              "status": "affected",
              "version": "64d85290d79c0677edb5a8ee2295b36c022fa5df",
              "versionType": "git"
            },
            {
              "lessThan": "cccd51dd22574216e64e5d205489e634f86999f3",
              "status": "affected",
              "version": "64d85290d79c0677edb5a8ee2295b36c022fa5df",
              "versionType": "git"
            },
            {
              "lessThan": "b3af60928ab9129befa65e6df0310d27300942bf",
              "status": "affected",
              "version": "64d85290d79c0677edb5a8ee2295b36c022fa5df",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.11",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_sk_select_reuseport() memory leak\n\nAs pointed out in the original comment, lookup in sockmap can return a TCP\nESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF\nset before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb\ndoes not imply a non-refcounted socket.\n\nDrop sk\u0027s reference in both error paths.\n\nunreferenced object 0xffff888101911800 (size 2048):\n  comm \"test_progs\", pid 44109, jiffies 4297131437\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 9336483b):\n    __kmalloc_noprof+0x3bf/0x560\n    __reuseport_alloc+0x1d/0x40\n    reuseport_alloc+0xca/0x150\n    reuseport_attach_prog+0x87/0x140\n    sk_reuseport_attach_bpf+0xc8/0x100\n    sk_setsockopt+0x1181/0x1990\n    do_sock_setsockopt+0x12b/0x160\n    __sys_setsockopt+0x7b/0xc0\n    __x64_sys_setsockopt+0x1b/0x30\n    do_syscall_64+0x93/0x180\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:18:58.841Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb36838dac7bb334a3f3d7eb29875593ec9473fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd"
        },
        {
          "url": "https://git.kernel.org/stable/c/b02e70be498b138e9c21701c2f33f4018ca7cd5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cccd51dd22574216e64e5d205489e634f86999f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3af60928ab9129befa65e6df0310d27300942bf"
        }
      ],
      "title": "bpf: Fix bpf_sk_select_reuseport() memory leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21683",
    "datePublished": "2025-01-31T11:25:42.903Z",
    "dateReserved": "2024-12-29T08:45:45.739Z",
    "dateUpdated": "2025-11-03T20:59:02.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56778 (GCVE-0-2024-56778)

Vulnerability from cvelistv5 – Published: 2025-01-08 17:49 – Updated: 2025-11-03 20:54

Title

drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/31c857e7496d34e5a…
	https://git.kernel.org/stable/c/6b0d0d6e9d3c26697…
	https://git.kernel.org/stable/c/82a5312f874fb18f0…
	https://git.kernel.org/stable/c/837eb99ad3340c7a9…
	https://git.kernel.org/stable/c/c1ab40a1fdfee732c…

Impacted products

Vendor

Product

Version

Linux

Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 31c857e7496d34e5a32a6f75bc024d0b06fd646a (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 6b0d0d6e9d3c26697230bf7dc9e6b52bdb24086f (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 82a5312f874fb18f045d9658e9bd290e3b0621c0 (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < 837eb99ad3340c7a9febf454f41c8e3edb68ac1e (git)
Affected: dd86dc2f9ae1102f46115be1f1422265c15540f1 , < c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 (git)

Linux

Affected: 4.6
Unaffected: 0 , < 4.6 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:56:31.852953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:24.275Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:13.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/sti/sti_hqvdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "31c857e7496d34e5a32a6f75bc024d0b06fd646a",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "6b0d0d6e9d3c26697230bf7dc9e6b52bdb24086f",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "82a5312f874fb18f045d9658e9bd290e3b0621c0",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "837eb99ad3340c7a9febf454f41c8e3edb68ac1e",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            },
            {
              "lessThan": "c1ab40a1fdfee732c7e6ff2fb8253760293e47e8",
              "status": "affected",
              "version": "dd86dc2f9ae1102f46115be1f1422265c15540f1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/sti/sti_hqvdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check\n\nThe return value of drm_atomic_get_crtc_state() needs to be\nchecked. To avoid use of error pointer \u0027crtc_state\u0027 in case\nof the failure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:04:31.354Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/31c857e7496d34e5a32a6f75bc024d0b06fd646a"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b0d0d6e9d3c26697230bf7dc9e6b52bdb24086f"
        },
        {
          "url": "https://git.kernel.org/stable/c/82a5312f874fb18f045d9658e9bd290e3b0621c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/837eb99ad3340c7a9febf454f41c8e3edb68ac1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1ab40a1fdfee732c7e6ff2fb8253760293e47e8"
        }
      ],
      "title": "drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56778",
    "datePublished": "2025-01-08T17:49:16.207Z",
    "dateReserved": "2024-12-29T11:26:39.767Z",
    "dateUpdated": "2025-11-03T20:54:13.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53173 (GCVE-0-2024-53173)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2025-11-03 20:47

Title

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

Summary

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1cfae9575296f5040…
	https://git.kernel.org/stable/c/7bf6bf130af8ee7d9…
	https://git.kernel.org/stable/c/5237a297ffd374a1c…
	https://git.kernel.org/stable/c/2ab9639f16b05d948…
	https://git.kernel.org/stable/c/ba6e6c04f60fe52d9…
	https://git.kernel.org/stable/c/229a30ed42bb87bcb…
	https://git.kernel.org/stable/c/e2277a1d9d5cd0d62…
	https://git.kernel.org/stable/c/b56ae8e715557b4fc…
	https://git.kernel.org/stable/c/2fdb05dc093125057…

Impacted products

Vendor

Product

Version

Linux

Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < 1cfae9575296f5040cdc84b0730e79078c081d2d (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < 7bf6bf130af8ee7d93a99c28a7512df3017ec759 (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < 5237a297ffd374a1c4157a53543b7a69d7bbbc03 (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < 2ab9639f16b05d948066a6c4cf19a0fdc61046ff (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < ba6e6c04f60fe52d91520ac4d749d372d4c74521 (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < 229a30ed42bb87bcb044c5523fabd9e4f0e75648 (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < e2277a1d9d5cd0d625a4fd7c04fce2b53e66df77 (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < b56ae8e715557b4fc227c9381d2e681ffafe7b15 (git)
Affected: 24ac23ab88df5b21b5b2df8cde748bf99b289099 , < 2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889 (git)

Linux

Affected: 2.6.16
Unaffected: 0 , < 2.6.16 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53173",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:43:40.051195Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:27.018Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:06.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/nfs4proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1cfae9575296f5040cdc84b0730e79078c081d2d",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "7bf6bf130af8ee7d93a99c28a7512df3017ec759",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "5237a297ffd374a1c4157a53543b7a69d7bbbc03",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "2ab9639f16b05d948066a6c4cf19a0fdc61046ff",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "ba6e6c04f60fe52d91520ac4d749d372d4c74521",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "229a30ed42bb87bcb044c5523fabd9e4f0e75648",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "e2277a1d9d5cd0d625a4fd7c04fce2b53e66df77",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "b56ae8e715557b4fc227c9381d2e681ffafe7b15",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            },
            {
              "lessThan": "2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889",
              "status": "affected",
              "version": "24ac23ab88df5b21b5b2df8cde748bf99b289099",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/nfs4proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.16"
            },
            {
              "lessThan": "2.6.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:53.469Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1cfae9575296f5040cdc84b0730e79078c081d2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7bf6bf130af8ee7d93a99c28a7512df3017ec759"
        },
        {
          "url": "https://git.kernel.org/stable/c/5237a297ffd374a1c4157a53543b7a69d7bbbc03"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ab9639f16b05d948066a6c4cf19a0fdc61046ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba6e6c04f60fe52d91520ac4d749d372d4c74521"
        },
        {
          "url": "https://git.kernel.org/stable/c/229a30ed42bb87bcb044c5523fabd9e4f0e75648"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2277a1d9d5cd0d625a4fd7c04fce2b53e66df77"
        },
        {
          "url": "https://git.kernel.org/stable/c/b56ae8e715557b4fc227c9381d2e681ffafe7b15"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889"
        }
      ],
      "title": "NFSv4.0: Fix a use-after-free problem in the asynchronous open()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53173",
    "datePublished": "2024-12-27T13:49:17.981Z",
    "dateReserved": "2024-11-19T17:17:25.006Z",
    "dateUpdated": "2025-11-03T20:47:06.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21666 (GCVE-0-2025-21666)

Vulnerability from cvelistv5 – Published: 2025-01-31 11:25 – Updated: 2025-11-03 20:58

Title

vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]

Summary

In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't. Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning. This way the code should continue to run in a nearly consistent state and have a warning that allows us to debug future problems.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/daeac89cdb03d3002…
	https://git.kernel.org/stable/c/9e5fed46ccd2c34c5…
	https://git.kernel.org/stable/c/b52e50dd4fabd1294…
	https://git.kernel.org/stable/c/bc9c49341f9728c31…
	https://git.kernel.org/stable/c/c23d1d4f8efefb722…
	https://git.kernel.org/stable/c/91751e248256efc11…

Impacted products

Vendor

Product

Version

Linux

Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < daeac89cdb03d30028186f5ff7dc26ec8fa843e7 (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < 9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < b52e50dd4fabd12944172bd486a4f4853b7f74dd (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < bc9c49341f9728c31fe248c5fbba32d2e81a092b (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < c23d1d4f8efefb72258e9cedce29de10d057f8ca (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < 91751e248256efc111e52e15115840c35d85abaf (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.12.11 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21666",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:52:24.276957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:12.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:44.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "daeac89cdb03d30028186f5ff7dc26ec8fa843e7",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "b52e50dd4fabd12944172bd486a4f4853b7f74dd",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "bc9c49341f9728c31fe248c5fbba32d2e81a092b",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "c23d1d4f8efefb72258e9cedce29de10d057f8ca",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "91751e248256efc111e52e15115840c35d85abaf",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:18:33.164Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf"
        }
      ],
      "title": "vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21666",
    "datePublished": "2025-01-31T11:25:31.138Z",
    "dateReserved": "2024-12-29T08:45:45.733Z",
    "dateUpdated": "2025-11-03T20:58:44.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56548 (GCVE-0-2024-56548)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:11 – Updated: 2025-11-03 20:49

Title

hfsplus: don't query the device logical block size multiple times

Summary

In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a new min_io_size initally set to sb_min_blocksize works for the purposes of the original fix, since it will be set to the max between HFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the max between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not initialized. Tested by mounting an hfsplus filesystem with loop block sizes 512, 1024 and 4096. The produced KASAN report before the fix looks like this: [ 419.944641] ================================================================== [ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Call Trace: [ 419.950384] <TASK> [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.951830] print_report+0x14c/0x49e [ 419.952361] ? __virt_addr_valid+0x267/0x278 [ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? pointer+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? sb_set_blocksize+0x6d/0xae [ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] legacy_get_tree+0x104/0x178 [ 419.968414] vfs_get_tree+0x86/0x296 [ 419.968751] path_mount+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] do_mount+0x99/0xe0 [ 419.970630] ? __pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncated---

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/baccb5e12577b7a9e…
	https://git.kernel.org/stable/c/f57725bcc5816425e…
	https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a…
	https://git.kernel.org/stable/c/06cbfbb13ac88f415…
	https://git.kernel.org/stable/c/3d7bda75e1a6239db…
	https://git.kernel.org/stable/c/21900e8478126ff6a…
	https://git.kernel.org/stable/c/2667c9b7b76efcbc7…
	https://git.kernel.org/stable/c/bfeecda050aa9376f…
	https://git.kernel.org/stable/c/1c82587cb57687de3…

Impacted products

Vendor

Product

Version

Linux

Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < f57725bcc5816425e25218fdf5fb6923bc578cdf (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 06cbfbb13ac88f4154c2eb4bc4176f9d10139847 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 3d7bda75e1a6239db053c73acde17ca146317824 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 21900e8478126ff6afe3b66679f676e74d1f8830 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 2667c9b7b76efcbc7adbfea249892f20c313b0da (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < bfeecda050aa9376f642d5b2a71c4112cc6c8216 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 1c82587cb57687de3f18ab4b98a8850c789bedcf (git)
Affected: c53c89aba3ebdfc3e9acdb18bb5ee9d2f8a328d0 (git)

Linux

Affected: 3.1
Unaffected: 0 , < 3.1 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:02:19.622310Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:16.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:23.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/hfsplus_fs.h",
            "fs/hfsplus/wrapper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "f57725bcc5816425e25218fdf5fb6923bc578cdf",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "06cbfbb13ac88f4154c2eb4bc4176f9d10139847",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "3d7bda75e1a6239db053c73acde17ca146317824",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "21900e8478126ff6afe3b66679f676e74d1f8830",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "2667c9b7b76efcbc7adbfea249892f20c313b0da",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "bfeecda050aa9376f642d5b2a71c4112cc6c8216",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "1c82587cb57687de3f18ab4b98a8850c789bedcf",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c53c89aba3ebdfc3e9acdb18bb5ee9d2f8a328d0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/hfsplus_fs.h",
            "fs/hfsplus/wrapper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.0.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[  419.944641] ==================================================================\n[  419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[  419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[  419.947612]\n[  419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[  419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[  419.950035] Call Trace:\n[  419.950384]  \u003cTASK\u003e\n[  419.950676]  dump_stack_lvl+0x57/0x78\n[  419.951212]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.951830]  print_report+0x14c/0x49e\n[  419.952361]  ? __virt_addr_valid+0x267/0x278\n[  419.952979]  ? kmem_cache_debug_flags+0xc/0x1d\n[  419.953561]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.954231]  kasan_report+0x89/0xb0\n[  419.954748]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.955367]  hfsplus_read_wrapper+0x659/0xa0a\n[  419.955948]  ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[  419.956618]  ? do_raw_spin_unlock+0x59/0x1a9\n[  419.957214]  ? _raw_spin_unlock+0x1a/0x2e\n[  419.957772]  hfsplus_fill_super+0x348/0x1590\n[  419.958355]  ? hlock_class+0x4c/0x109\n[  419.958867]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.959499]  ? __pfx_string+0x10/0x10\n[  419.960006]  ? lock_acquire+0x3e2/0x454\n[  419.960532]  ? bdev_name.constprop.0+0xce/0x243\n[  419.961129]  ? __pfx_bdev_name.constprop.0+0x10/0x10\n[  419.961799]  ? pointer+0x3f0/0x62f\n[  419.962277]  ? __pfx_pointer+0x10/0x10\n[  419.962761]  ? vsnprintf+0x6c4/0xfba\n[  419.963178]  ? __pfx_vsnprintf+0x10/0x10\n[  419.963621]  ? setup_bdev_super+0x376/0x3b3\n[  419.964029]  ? snprintf+0x9d/0xd2\n[  419.964344]  ? __pfx_snprintf+0x10/0x10\n[  419.964675]  ? lock_acquired+0x45c/0x5e9\n[  419.965016]  ? set_blocksize+0x139/0x1c1\n[  419.965381]  ? sb_set_blocksize+0x6d/0xae\n[  419.965742]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.966179]  mount_bdev+0x12f/0x1bf\n[  419.966512]  ? __pfx_mount_bdev+0x10/0x10\n[  419.966886]  ? vfs_parse_fs_string+0xce/0x111\n[  419.967293]  ? __pfx_vfs_parse_fs_string+0x10/0x10\n[  419.967702]  ? __pfx_hfsplus_mount+0x10/0x10\n[  419.968073]  legacy_get_tree+0x104/0x178\n[  419.968414]  vfs_get_tree+0x86/0x296\n[  419.968751]  path_mount+0xba3/0xd0b\n[  419.969157]  ? __pfx_path_mount+0x10/0x10\n[  419.969594]  ? kmem_cache_free+0x1e2/0x260\n[  419.970311]  do_mount+0x99/0xe0\n[  419.970630]  ? __pfx_do_mount+0x10/0x10\n[  419.971008]  __do_sys_mount+0x199/0x1c9\n[  419.971397]  do_syscall_64+0xd0/0x135\n[  419.971761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  419.972233] RIP: 0033:0x7c3cb812972e\n[  419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[  419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[  419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[  419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:51.090Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/f57725bcc5816425e25218fdf5fb6923bc578cdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866"
        },
        {
          "url": "https://git.kernel.org/stable/c/06cbfbb13ac88f4154c2eb4bc4176f9d10139847"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d7bda75e1a6239db053c73acde17ca146317824"
        },
        {
          "url": "https://git.kernel.org/stable/c/21900e8478126ff6afe3b66679f676e74d1f8830"
        },
        {
          "url": "https://git.kernel.org/stable/c/2667c9b7b76efcbc7adbfea249892f20c313b0da"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfeecda050aa9376f642d5b2a71c4112cc6c8216"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c82587cb57687de3f18ab4b98a8850c789bedcf"
        }
      ],
      "title": "hfsplus: don\u0027t query the device logical block size multiple times",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56548",
    "datePublished": "2024-12-27T14:11:29.373Z",
    "dateReserved": "2024-12-27T14:03:05.989Z",
    "dateUpdated": "2025-11-03T20:49:23.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47119 (GCVE-0-2021-47119)

Vulnerability from cvelistv5 – Published: 2024-03-15 20:14 – Updated: 2025-05-04 07:04

Title

ext4: fix memory leak in ext4_fill_super

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and subsequently that bh will be leaked. If blocksizes differ, sb_set_blocksize() will kill current buffers and page cache by using kill_bdev(). And then super block will be reread again but using correct blocksize this time. sb_set_blocksize() didn't fully free superblock page and buffer head, and being busy, they were not freed and instead leaked. This can easily be reproduced by calling an infinite loop of: systemctl start <ext4_on_lvm>.mount, and systemctl stop <ext4_on_lvm>.mount ... since systemd creates a cgroup for each slice which it mounts, and the bh leak get amplified by a dying memory cgroup that also never gets freed, and memory consumption is much more easily noticed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/01d349a481f059123…
	https://git.kernel.org/stable/c/1385b23396d511d52…
	https://git.kernel.org/stable/c/afd09b617db3786b6…

Impacted products

Vendor

Product

Version

Linux

Affected: ac27a0ec112a089f1a5102bc8dffc79c8c815571 , < 01d349a481f0591230300a9171330136f9159bcd (git)
Affected: ac27a0ec112a089f1a5102bc8dffc79c8c815571 , < 1385b23396d511d5233b8b921ac3058b3f86a5e1 (git)
Affected: ac27a0ec112a089f1a5102bc8dffc79c8c815571 , < afd09b617db3786b6ef3dc43e28fe728cfea84df (git)

Linux

Affected: 2.6.19
Unaffected: 0 , < 2.6.19 (semver)
Unaffected: 5.10.43 , ≤ 5.10.* (semver)
Unaffected: 5.12.10 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T13:37:32.763549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T13:37:45.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01d349a481f0591230300a9171330136f9159bcd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1385b23396d511d5233b8b921ac3058b3f86a5e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/afd09b617db3786b6ef3dc43e28fe728cfea84df"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "01d349a481f0591230300a9171330136f9159bcd",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "1385b23396d511d5233b8b921ac3058b3f86a5e1",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            },
            {
              "lessThan": "afd09b617db3786b6ef3dc43e28fe728cfea84df",
              "status": "affected",
              "version": "ac27a0ec112a089f1a5102bc8dffc79c8c815571",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.19"
            },
            {
              "lessThan": "2.6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.43",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.10",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leak in ext4_fill_super\n\nBuffer head references must be released before calling kill_bdev();\notherwise the buffer head (and its page referenced by b_data) will not\nbe freed by kill_bdev, and subsequently that bh will be leaked.\n\nIf blocksizes differ, sb_set_blocksize() will kill current buffers and\npage cache by using kill_bdev(). And then super block will be reread\nagain but using correct blocksize this time. sb_set_blocksize() didn\u0027t\nfully free superblock page and buffer head, and being busy, they were\nnot freed and instead leaked.\n\nThis can easily be reproduced by calling an infinite loop of:\n\n  systemctl start \u003cext4_on_lvm\u003e.mount, and\n  systemctl stop \u003cext4_on_lvm\u003e.mount\n\n... since systemd creates a cgroup for each slice which it mounts, and\nthe bh leak get amplified by a dying memory cgroup that also never\ngets freed, and memory consumption is much more easily noticed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:04:31.455Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/01d349a481f0591230300a9171330136f9159bcd"
        },
        {
          "url": "https://git.kernel.org/stable/c/1385b23396d511d5233b8b921ac3058b3f86a5e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/afd09b617db3786b6ef3dc43e28fe728cfea84df"
        }
      ],
      "title": "ext4: fix memory leak in ext4_fill_super",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47119",
    "datePublished": "2024-03-15T20:14:25.901Z",
    "dateReserved": "2024-03-04T18:12:48.838Z",
    "dateUpdated": "2025-05-04T07:04:31.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-21669 (GCVE-0-2025-21669)

Vulnerability from cvelistv5 – Published: 2025-01-31 11:25 – Updated: 2025-11-03 20:58

Title

vsock/virtio: discard packets if the transport changes

Summary

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport. A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leading to a NULL pointer dereference.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/18a7fc371d1dbf8de…
	https://git.kernel.org/stable/c/6486915fa661584d7…
	https://git.kernel.org/stable/c/88244163bc7e7b0ce…
	https://git.kernel.org/stable/c/d88b249e14bd0ee1e…
	https://git.kernel.org/stable/c/677579b641af10961…
	https://git.kernel.org/stable/c/2cb7c756f605ec02f…

Impacted products

Vendor

Product

Version

Linux

Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < 18a7fc371d1dbf8deff16c2dd9292bcc73f43040 (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < 6486915fa661584d70e8e7e4068c6c075c67dd6d (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < 88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < d88b249e14bd0ee1e46bbe4f456e22e01b8c68de (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < 677579b641af109613564460a4e3bdcb16850b61 (git)
Affected: c0cfa2d8a788fcf45df5bf4070ab2474c88d543a , < 2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.12.11 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21669",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:52:17.860929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:12.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:50.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/virtio_transport_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "18a7fc371d1dbf8deff16c2dd9292bcc73f43040",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "6486915fa661584d70e8e7e4068c6c075c67dd6d",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "d88b249e14bd0ee1e46bbe4f456e22e01b8c68de",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "677579b641af109613564460a4e3bdcb16850b61",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            },
            {
              "lessThan": "2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1",
              "status": "affected",
              "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/virtio_transport_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:18:42.103Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/18a7fc371d1dbf8deff16c2dd9292bcc73f43040"
        },
        {
          "url": "https://git.kernel.org/stable/c/6486915fa661584d70e8e7e4068c6c075c67dd6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/d88b249e14bd0ee1e46bbe4f456e22e01b8c68de"
        },
        {
          "url": "https://git.kernel.org/stable/c/677579b641af109613564460a4e3bdcb16850b61"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1"
        }
      ],
      "title": "vsock/virtio: discard packets if the transport changes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21669",
    "datePublished": "2025-01-31T11:25:33.185Z",
    "dateReserved": "2024-12-29T08:45:45.735Z",
    "dateUpdated": "2025-11-03T20:58:50.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-46841 (GCVE-0-2024-46841)

Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53

Title

btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c1406d8329f500e45…
	https://git.kernel.org/stable/c/6a0648f96c3ca647c…
	https://git.kernel.org/stable/c/44a2c518ab221c0ca…
	https://git.kernel.org/stable/c/135b4819f6fba87fd…
	https://git.kernel.org/stable/c/704c359b4093a2af6…
	https://git.kernel.org/stable/c/a580fb2c3479d9935…

Impacted products

Vendor

Product

Version

Linux

Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < c1406d8329f500e4594cd9730cd313aebc3a4333 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 6a0648f96c3ca647c71c6c1ddbc7c353bab79f64 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 44a2c518ab221c0cadcb8c45ca86f83a52dd4da6 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 135b4819f6fba87fd5a2693023133e78ac73f1d3 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < 704c359b4093a2af650a20eaa030c435d7c30f91 (git)
Affected: 2c47e605a91dde6b0514f689645e7ab336c8592a , < a580fb2c3479d993556e1c31b237c9e5be4944a3 (git)

Linux

Affected: 2.6.31
Unaffected: 0 , < 2.6.31 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46841",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T13:59:30.938920Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T13:59:35.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:39:20.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c1406d8329f500e4594cd9730cd313aebc3a4333",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "6a0648f96c3ca647c71c6c1ddbc7c353bab79f64",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "44a2c518ab221c0cadcb8c45ca86f83a52dd4da6",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "135b4819f6fba87fd5a2693023133e78ac73f1d3",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "704c359b4093a2af650a20eaa030c435d7c30f91",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            },
            {
              "lessThan": "a580fb2c3479d993556e1c31b237c9e5be4944a3",
              "status": "affected",
              "version": "2c47e605a91dde6b0514f689645e7ab336c8592a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn\u0027t fatal, return the error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:36.779Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c1406d8329f500e4594cd9730cd313aebc3a4333"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a0648f96c3ca647c71c6c1ddbc7c353bab79f64"
        },
        {
          "url": "https://git.kernel.org/stable/c/44a2c518ab221c0cadcb8c45ca86f83a52dd4da6"
        },
        {
          "url": "https://git.kernel.org/stable/c/135b4819f6fba87fd5a2693023133e78ac73f1d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91"
        },
        {
          "url": "https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3"
        }
      ],
      "title": "btrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46841",
    "datePublished": "2024-09-27T12:39:35.633Z",
    "dateReserved": "2024-09-11T15:12:18.288Z",
    "dateUpdated": "2026-01-05T10:53:36.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-23041 (GCVE-0-2022-23041)

Vulnerability from cvelistv5 – Published: 2022-03-10 19:20 – Updated: 2024-08-03 03:28

Summary

Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042

Severity ?

No CVSS data available.

CWE

unknown

Assigner

XEN

References

URL

Tags

	https://xenbits.xenproject.org/xsa/advisory-396.txt	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	unspecified	unspecified	Unknown: consult Xen advisory XSA-396

Credits

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Demi Marie Obenour and Simon Gaiser of\nInvisible Things Lab.'}]}}}

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "unspecified",
          "vendor": "unspecified",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-396"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "{\u0027credit_data\u0027: {\u0027description\u0027: {\u0027description_data\u0027: [{\u0027lang\u0027: \u0027eng\u0027, \u0027value\u0027: \u0027This issue was discovered by Demi Marie Obenour and Simon Gaiser of\\nInvisible Things Lab.\u0027}]}}}"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn\u0027t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "description": {
                "description_data": [
                  {
                    "lang": "eng",
                    "value": "Due to race conditions and missing tests of return codes in the Linux\nPV device frontend drivers a malicious backend could gain access (read\nand write) to memory pages it shouldn\u0027t have, or it could directly\ntrigger Denial of Service (DoS) in the guest."
                  }
                ]
              }
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unknown",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-01T13:06:34",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@xen.org",
          "ID": "CVE-2022-23041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?",
                            "version_value": "consult Xen advisory XSA-396"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": ""
              }
            ]
          }
        },
        "configuration": {
          "configuration_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All Linux guests using PV devices are vulnerable in case potentially\nmalicious PV device backends are being used."
                }
              ]
            }
          }
        },
        "credit": {
          "credit_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue was discovered by Demi Marie Obenour and Simon Gaiser of\nInvisible Things Lab."
                }
              ]
            }
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn\u0027t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042"
            }
          ]
        },
        "impact": {
          "impact_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Due to race conditions and missing tests of return codes in the Linux\nPV device frontend drivers a malicious backend could gain access (read\nand write) to memory pages it shouldn\u0027t have, or it could directly\ntrigger Denial of Service (DoS) in the guest."
                }
              ]
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unknown"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xenproject.org/xsa/advisory-396.txt",
              "refsource": "MISC",
              "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
            }
          ]
        },
        "workaround": {
          "workaround_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is no mitigation available other than not using PV devices in case\na backend is suspected to be potentially malicious."
                }
              ]
            }
          }
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2022-23041",
    "datePublished": "2022-03-10T19:20:22",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56700 (GCVE-0-2024-56700)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

media: wl128x: Fix atomicity violation in fmc_send_cmd()

Summary

In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a scenario where, after passing the validity check within the function, a non-null fmdev->resp_skb variable is assigned a null value. This results in an invalid fmdev->resp_skb variable passing the validity check. As seen in the later part of the function, skb = fmdev->resp_skb; when the invalid fmdev->resp_skb passes the check, a null pointer dereference error may occur at line 478, evt_hdr = (void *)skb->data; To address this issue, it is recommended to include the validity check of fmdev->resp_skb within the locked section of the function. This modification ensures that the value of fmdev->resp_skb does not change during the validation process, thereby maintaining its validity. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d16109c9fdc1b8cea…
	https://git.kernel.org/stable/c/3c818ad07e964bca3…
	https://git.kernel.org/stable/c/d7408a052aa1b4f6f…
	https://git.kernel.org/stable/c/ed228b74d8a500380…
	https://git.kernel.org/stable/c/372dc9509122e5d45…
	https://git.kernel.org/stable/c/378ce4e08ca2b1ac7…
	https://git.kernel.org/stable/c/2e63c908de3570481…
	https://git.kernel.org/stable/c/80a3b2ee01eecf22d…
	https://git.kernel.org/stable/c/ca59f9956d4519ab1…

Impacted products

Vendor

Product

Version

Linux

Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < d16109c9fdc1b8cea4fe63b42e06e926c3f68990 (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < 3c818ad07e964bca3d27adac1e1f50e1e3c9180e (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9 (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < ed228b74d8a500380150965d5becabf9a1e33141 (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < 372dc9509122e5d45d4c12978e31c3c7d00aaca4 (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < 378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8 (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < 2e63c908de357048180516b84740ed62dac0b269 (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < 80a3b2ee01eecf22dfa06968b3cde92c691dea10 (git)
Affected: e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 , < ca59f9956d4519ab18ab2270be47c6b8c6ced091 (git)

Linux

Affected: 2.6.39
Unaffected: 0 , < 2.6.39 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:49.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/radio/wl128x/fmdrv_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d16109c9fdc1b8cea4fe63b42e06e926c3f68990",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "3c818ad07e964bca3d27adac1e1f50e1e3c9180e",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "ed228b74d8a500380150965d5becabf9a1e33141",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "372dc9509122e5d45d4c12978e31c3c7d00aaca4",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "2e63c908de357048180516b84740ed62dac0b269",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "80a3b2ee01eecf22dfa06968b3cde92c691dea10",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            },
            {
              "lessThan": "ca59f9956d4519ab18ab2270be47c6b8c6ced091",
              "status": "affected",
              "version": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/radio/wl128x/fmdrv_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: wl128x: Fix atomicity violation in fmc_send_cmd()\n\nAtomicity violation occurs when the fmc_send_cmd() function is executed\nsimultaneously with the modification of the fmdev-\u003eresp_skb value.\nConsider a scenario where, after passing the validity check within the\nfunction, a non-null fmdev-\u003eresp_skb variable is assigned a null value.\nThis results in an invalid fmdev-\u003eresp_skb variable passing the validity\ncheck. As seen in the later part of the function, skb = fmdev-\u003eresp_skb;\nwhen the invalid fmdev-\u003eresp_skb passes the check, a null pointer\ndereference error may occur at line 478, evt_hdr = (void *)skb-\u003edata;\n\nTo address this issue, it is recommended to include the validity check of\nfmdev-\u003eresp_skb within the locked section of the function. This\nmodification ensures that the value of fmdev-\u003eresp_skb does not change\nduring the validation process, thereby maintaining its validity.\n\nThis possible bug is found by an experimental static analysis tool\ndeveloped by our team. This tool analyzes the locking APIs\nto extract function pairs that can be concurrently executed, and then\nanalyzes the instructions in the paired functions to identify possible\nconcurrency bugs including data races and atomicity violations."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:47.239Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141"
        },
        {
          "url": "https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4"
        },
        {
          "url": "https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269"
        },
        {
          "url": "https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091"
        }
      ],
      "title": "media: wl128x: Fix atomicity violation in fmc_send_cmd()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56700",
    "datePublished": "2024-12-28T09:46:22.770Z",
    "dateReserved": "2024-12-27T15:00:39.851Z",
    "dateUpdated": "2025-11-03T20:52:49.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56693 (GCVE-0-2024-56693)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

brd: defer automatic disk creation until module initialization succeeds

Summary

In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 PGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:__asan_load8+0x4c/0xa0 ... Call Trace: <TASK> blkdev_put_whole+0x41/0x70 bdev_release+0x1a3/0x250 blkdev_release+0x11/0x20 __fput+0x1d7/0x4a0 task_work_run+0xfc/0x180 syscall_exit_to_user_mode+0x1de/0x1f0 do_syscall_64+0x6b/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e loop_init() is calling loop_add() after __register_blkdev() succeeds and is ignoring disk_add() failure from loop_add(), for loop_add() failure is not fatal and successfully created disks are already visible to bdev_open(). brd_init() is currently calling brd_alloc() before __register_blkdev() succeeds and is releasing successfully created disks when brd_init() returns an error. This can cause UAF for the latter two case: case 1: T1: modprobe brd brd_init brd_alloc(0) // success add_disk disk_scan_partitions bdev_file_open_by_dev // alloc file fput // won't free until back to userspace brd_alloc(1) // failed since mem alloc error inject // error path for modprobe will release code segment // back to userspace __fput blkdev_release bdev_release blkdev_put_whole bdev->bd_disk->fops->release // fops is freed now, UAF! case 2: T1: T2: modprobe brd brd_init brd_alloc(0) // success open(/dev/ram0) brd_alloc(1) // fail // error path for modprobe close(/dev/ram0) ... /* UAF! */ bdev->bd_disk->fops->release Fix this problem by following what loop_init() does. Besides, reintroduce brd_devices_mutex to help serialize modifications to brd_list.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/41219c147df8bbd65…
	https://git.kernel.org/stable/c/259bf925583ec9e37…
	https://git.kernel.org/stable/c/410896624db639500…
	https://git.kernel.org/stable/c/c0c2744cd2939ec59…
	https://git.kernel.org/stable/c/63dfd728b30f79495…
	https://git.kernel.org/stable/c/826cc42adf44930a6…

Impacted products

Vendor

Product

Version

Linux

Affected: 7f9b348cb5e94259acdcbafbcaed55d3bb515304 , < 41219c147df8bbd6591f59af5d695fb6c9a1cbff (git)
Affected: 7f9b348cb5e94259acdcbafbcaed55d3bb515304 , < 259bf925583ec9e3781df778cadf00594095090d (git)
Affected: 7f9b348cb5e94259acdcbafbcaed55d3bb515304 , < 410896624db639500f24f46478b4bfa05c76bf56 (git)
Affected: 7f9b348cb5e94259acdcbafbcaed55d3bb515304 , < c0c2744cd2939ec5999c51dbaf2af16886548b7b (git)
Affected: 7f9b348cb5e94259acdcbafbcaed55d3bb515304 , < 63dfd728b30f79495dacc886127695a379805152 (git)
Affected: 7f9b348cb5e94259acdcbafbcaed55d3bb515304 , < 826cc42adf44930a633d11a5993676d85ddb0842 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56693",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T17:12:21.851341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T17:21:06.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:41.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/brd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "41219c147df8bbd6591f59af5d695fb6c9a1cbff",
              "status": "affected",
              "version": "7f9b348cb5e94259acdcbafbcaed55d3bb515304",
              "versionType": "git"
            },
            {
              "lessThan": "259bf925583ec9e3781df778cadf00594095090d",
              "status": "affected",
              "version": "7f9b348cb5e94259acdcbafbcaed55d3bb515304",
              "versionType": "git"
            },
            {
              "lessThan": "410896624db639500f24f46478b4bfa05c76bf56",
              "status": "affected",
              "version": "7f9b348cb5e94259acdcbafbcaed55d3bb515304",
              "versionType": "git"
            },
            {
              "lessThan": "c0c2744cd2939ec5999c51dbaf2af16886548b7b",
              "status": "affected",
              "version": "7f9b348cb5e94259acdcbafbcaed55d3bb515304",
              "versionType": "git"
            },
            {
              "lessThan": "63dfd728b30f79495dacc886127695a379805152",
              "status": "affected",
              "version": "7f9b348cb5e94259acdcbafbcaed55d3bb515304",
              "versionType": "git"
            },
            {
              "lessThan": "826cc42adf44930a633d11a5993676d85ddb0842",
              "status": "affected",
              "version": "7f9b348cb5e94259acdcbafbcaed55d3bb515304",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/brd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbrd: defer automatic disk creation until module initialization succeeds\n\nMy colleague Wupeng found the following problems during fault injection:\n\nBUG: unable to handle page fault for address: fffffbfff809d073\nPGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:__asan_load8+0x4c/0xa0\n...\nCall Trace:\n \u003cTASK\u003e\n blkdev_put_whole+0x41/0x70\n bdev_release+0x1a3/0x250\n blkdev_release+0x11/0x20\n __fput+0x1d7/0x4a0\n task_work_run+0xfc/0x180\n syscall_exit_to_user_mode+0x1de/0x1f0\n do_syscall_64+0x6b/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nloop_init() is calling loop_add() after __register_blkdev() succeeds and\nis ignoring disk_add() failure from loop_add(), for loop_add() failure\nis not fatal and successfully created disks are already visible to\nbdev_open().\n\nbrd_init() is currently calling brd_alloc() before __register_blkdev()\nsucceeds and is releasing successfully created disks when brd_init()\nreturns an error. This can cause UAF for the latter two case:\n\ncase 1:\n    T1:\nmodprobe brd\n  brd_init\n    brd_alloc(0) // success\n      add_disk\n        disk_scan_partitions\n          bdev_file_open_by_dev // alloc file\n          fput // won\u0027t free until back to userspace\n    brd_alloc(1) // failed since mem alloc error inject\n  // error path for modprobe will release code segment\n  // back to userspace\n  __fput\n    blkdev_release\n      bdev_release\n        blkdev_put_whole\n          bdev-\u003ebd_disk-\u003efops-\u003erelease // fops is freed now, UAF!\n\ncase 2:\n    T1:                            T2:\nmodprobe brd\n  brd_init\n    brd_alloc(0) // success\n                                   open(/dev/ram0)\n    brd_alloc(1) // fail\n  // error path for modprobe\n\n                                   close(/dev/ram0)\n                                   ...\n                                   /* UAF! */\n                                   bdev-\u003ebd_disk-\u003efops-\u003erelease\n\nFix this problem by following what loop_init() does. Besides,\nreintroduce brd_devices_mutex to help serialize modifications to\nbrd_list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:30.242Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/41219c147df8bbd6591f59af5d695fb6c9a1cbff"
        },
        {
          "url": "https://git.kernel.org/stable/c/259bf925583ec9e3781df778cadf00594095090d"
        },
        {
          "url": "https://git.kernel.org/stable/c/410896624db639500f24f46478b4bfa05c76bf56"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0c2744cd2939ec5999c51dbaf2af16886548b7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/63dfd728b30f79495dacc886127695a379805152"
        },
        {
          "url": "https://git.kernel.org/stable/c/826cc42adf44930a633d11a5993676d85ddb0842"
        }
      ],
      "title": "brd: defer automatic disk creation until module initialization succeeds",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56693",
    "datePublished": "2024-12-28T09:46:18.203Z",
    "dateReserved": "2024-12-27T15:00:39.849Z",
    "dateUpdated": "2025-11-03T20:52:41.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57903 (GCVE-0-2024-57903)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:05 – Updated: 2025-11-03 20:55

Title

net: restrict SO_REUSEPORT to inet sockets

Summary

In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU call back, as spotted by zyzbot [1]. Trying to acquire a mutex in RCU callback is not allowed. Restrict SO_REUSEPORT socket option to inet sockets. v1 of this patch supported TCP, UDP and SCTP sockets, but fcnal-test.sh test needed RAW and ICMP support. [1] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by ksoftirqd/1/24: #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline] #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823 Preemption disabled at: [<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline] [<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537 CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 __might_resched+0x5d4/0x780 kernel/sched/core.c:8758 __mutex_lock_common kernel/locking/mutex.c:562 [inline] __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179 aead_release+0x3d/0x50 crypto/algif_aead.c:489 alg_do_release crypto/af_alg.c:118 [inline] alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561 run_ksoftirqd+0xca/0x130 kernel/softirq.c:950 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/579cfa595af1e00cc…
	https://git.kernel.org/stable/c/ad2ad4cd11af9d631…
	https://git.kernel.org/stable/c/ad91a2dacbf8c26a4…
	https://git.kernel.org/stable/c/3257813a3ae7462ac…
	https://git.kernel.org/stable/c/5b0af621c3f6ef926…

Impacted products

Vendor

Product

Version

Linux

Affected: 8c7138b33e5c690c308b2a7085f6313fdcb3f616 , < 579cfa595af1e00ccc9c3a849a4add6bba8b4bad (git)
Affected: 8c7138b33e5c690c308b2a7085f6313fdcb3f616 , < ad2ad4cd11af9d63187cd074314b71b7cf8a2a59 (git)
Affected: 8c7138b33e5c690c308b2a7085f6313fdcb3f616 , < ad91a2dacbf8c26a446658cdd55e8324dfeff1e7 (git)
Affected: 8c7138b33e5c690c308b2a7085f6313fdcb3f616 , < 3257813a3ae7462ac5cde04e120806f0c0776850 (git)
Affected: 8c7138b33e5c690c308b2a7085f6313fdcb3f616 , < 5b0af621c3f6ef9261cf6067812f2fd9943acb4b (git)
Affected: 62241d6d9e497ad16372b74d2afa3340128e8e57 (git)
Affected: 1e24f532c736b3f99f3fe7c4be66414c40df5f02 (git)
Affected: d5b1db1c7ce4198bbbd51160350bdd446c8ed2ba (git)
Affected: 50b26ba8938f1741523ca733aa9a548a12b6edd6 (git)
Affected: 7e2777fd4816cdf6bff5de9e5221514f36dddfbf (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:24.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "579cfa595af1e00ccc9c3a849a4add6bba8b4bad",
              "status": "affected",
              "version": "8c7138b33e5c690c308b2a7085f6313fdcb3f616",
              "versionType": "git"
            },
            {
              "lessThan": "ad2ad4cd11af9d63187cd074314b71b7cf8a2a59",
              "status": "affected",
              "version": "8c7138b33e5c690c308b2a7085f6313fdcb3f616",
              "versionType": "git"
            },
            {
              "lessThan": "ad91a2dacbf8c26a446658cdd55e8324dfeff1e7",
              "status": "affected",
              "version": "8c7138b33e5c690c308b2a7085f6313fdcb3f616",
              "versionType": "git"
            },
            {
              "lessThan": "3257813a3ae7462ac5cde04e120806f0c0776850",
              "status": "affected",
              "version": "8c7138b33e5c690c308b2a7085f6313fdcb3f616",
              "versionType": "git"
            },
            {
              "lessThan": "5b0af621c3f6ef9261cf6067812f2fd9943acb4b",
              "status": "affected",
              "version": "8c7138b33e5c690c308b2a7085f6313fdcb3f616",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "62241d6d9e497ad16372b74d2afa3340128e8e57",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1e24f532c736b3f99f3fe7c4be66414c40df5f02",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d5b1db1c7ce4198bbbd51160350bdd446c8ed2ba",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "50b26ba8938f1741523ca733aa9a548a12b6edd6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7e2777fd4816cdf6bff5de9e5221514f36dddfbf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.196",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.148",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.78",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.2.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.3.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: restrict SO_REUSEPORT to inet sockets\n\nAfter blamed commit, crypto sockets could accidentally be destroyed\nfrom RCU call back, as spotted by zyzbot [1].\n\nTrying to acquire a mutex in RCU callback is not allowed.\n\nRestrict SO_REUSEPORT socket option to inet sockets.\n\nv1 of this patch supported TCP, UDP and SCTP sockets,\nbut fcnal-test.sh test needed RAW and ICMP support.\n\n[1]\nBUG: sleeping function called from invalid context at kernel/locking/mutex.c:562\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1\npreempt_count: 100, expected: 0\nRCU nest depth: 0, expected: 0\n1 lock held by ksoftirqd/1/24:\n  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]\n  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]\n  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823\nPreemption disabled at:\n [\u003cffffffff8161c8c8\u003e] softirq_handle_begin kernel/softirq.c:402 [inline]\n [\u003cffffffff8161c8c8\u003e] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537\nCPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:94 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n  __might_resched+0x5d4/0x780 kernel/sched/core.c:8758\n  __mutex_lock_common kernel/locking/mutex.c:562 [inline]\n  __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735\n  crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179\n  aead_release+0x3d/0x50 crypto/algif_aead.c:489\n  alg_do_release crypto/af_alg.c:118 [inline]\n  alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502\n  __sk_destruct+0x58/0x5f0 net/core/sock.c:2260\n  rcu_do_batch kernel/rcu/tree.c:2567 [inline]\n  rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\n  handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:950\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:32.562Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/579cfa595af1e00ccc9c3a849a4add6bba8b4bad"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad2ad4cd11af9d63187cd074314b71b7cf8a2a59"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad91a2dacbf8c26a446658cdd55e8324dfeff1e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/3257813a3ae7462ac5cde04e120806f0c0776850"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b0af621c3f6ef9261cf6067812f2fd9943acb4b"
        }
      ],
      "title": "net: restrict SO_REUSEPORT to inet sockets",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57903",
    "datePublished": "2025-01-15T13:05:59.264Z",
    "dateReserved": "2025-01-11T14:45:42.031Z",
    "dateUpdated": "2025-11-03T20:55:24.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57911 (GCVE-0-2024-57911)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/03fa47621bf8fcbf5…
	https://git.kernel.org/stable/c/e1c1e8c05010103c9…
	https://git.kernel.org/stable/c/006073761888a632c…
	https://git.kernel.org/stable/c/b0642d9c871aea1f2…
	https://git.kernel.org/stable/c/74058395b2c63c8a4…
	https://git.kernel.org/stable/c/ea703cda36da0dacb…
	https://git.kernel.org/stable/c/333be433ee908a53f…

Impacted products

Vendor

Product

Version

Linux

Affected: 415f792447572ef1949a3cef5119bbce8cc66373 , < 03fa47621bf8fcbf5994c5716021527853f9af3d (git)
Affected: 415f792447572ef1949a3cef5119bbce8cc66373 , < e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a (git)
Affected: 415f792447572ef1949a3cef5119bbce8cc66373 , < 006073761888a632c5d6f93e47c41760fa627f77 (git)
Affected: 415f792447572ef1949a3cef5119bbce8cc66373 , < b0642d9c871aea1f28eb02cd84d60434df594f67 (git)
Affected: 415f792447572ef1949a3cef5119bbce8cc66373 , < 74058395b2c63c8a438cf199d09094b640f8c7f4 (git)
Affected: 415f792447572ef1949a3cef5119bbce8cc66373 , < ea703cda36da0dacb9a2fd876370003197d8a019 (git)
Affected: 415f792447572ef1949a3cef5119bbce8cc66373 , < 333be433ee908a53f283beb95585dfc14c8ffb46 (git)

Linux

Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:53:26.644752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:15.830Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:42.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/dummy/iio_simple_dummy_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "03fa47621bf8fcbf5994c5716021527853f9af3d",
              "status": "affected",
              "version": "415f792447572ef1949a3cef5119bbce8cc66373",
              "versionType": "git"
            },
            {
              "lessThan": "e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a",
              "status": "affected",
              "version": "415f792447572ef1949a3cef5119bbce8cc66373",
              "versionType": "git"
            },
            {
              "lessThan": "006073761888a632c5d6f93e47c41760fa627f77",
              "status": "affected",
              "version": "415f792447572ef1949a3cef5119bbce8cc66373",
              "versionType": "git"
            },
            {
              "lessThan": "b0642d9c871aea1f28eb02cd84d60434df594f67",
              "status": "affected",
              "version": "415f792447572ef1949a3cef5119bbce8cc66373",
              "versionType": "git"
            },
            {
              "lessThan": "74058395b2c63c8a438cf199d09094b640f8c7f4",
              "status": "affected",
              "version": "415f792447572ef1949a3cef5119bbce8cc66373",
              "versionType": "git"
            },
            {
              "lessThan": "ea703cda36da0dacb9a2fd876370003197d8a019",
              "status": "affected",
              "version": "415f792447572ef1949a3cef5119bbce8cc66373",
              "versionType": "git"
            },
            {
              "lessThan": "333be433ee908a53f283beb95585dfc14c8ffb46",
              "status": "affected",
              "version": "415f792447572ef1949a3cef5119bbce8cc66373",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/dummy/iio_simple_dummy_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer\n\nThe \u0027data\u0027 array is allocated via kmalloc() and it is used to push data\nto user space from a triggered buffer, but it does not set values for\ninactive channels, as it only uses iio_for_each_active_channel()\nto assign new values.\n\nUse kzalloc for the memory allocation to avoid pushing uninitialized\ninformation to userspace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:28.893Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67"
        },
        {
          "url": "https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019"
        },
        {
          "url": "https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46"
        }
      ],
      "title": "iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57911",
    "datePublished": "2025-01-19T11:52:33.806Z",
    "dateReserved": "2025-01-19T11:50:08.373Z",
    "dateUpdated": "2025-11-03T20:55:42.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56704 (GCVE-0-2024-56704)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

9p/xen: fix release of IRQ

Summary

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: fix release of IRQ Kernel logs indicate an IRQ was double-freed. Pass correct device ID during IRQ release. [Dominique: remove confusing variable reset to 0]

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-415 - Double Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/692eb06703afc3e24…
	https://git.kernel.org/stable/c/d74b4b297097bd361…
	https://git.kernel.org/stable/c/7f5a2ed5c1810661e…
	https://git.kernel.org/stable/c/4950408793b118cb8…
	https://git.kernel.org/stable/c/b9e26059664bd9ebc…
	https://git.kernel.org/stable/c/2bb3ee1bf237557da…
	https://git.kernel.org/stable/c/d888f5f5d76b2722c…
	https://git.kernel.org/stable/c/530bc9f03a102fac9…
	https://git.kernel.org/stable/c/e43c608f40c065b30…

Impacted products

Vendor

Product

Version

Linux

Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < 692eb06703afc3e24d889d77e94a0e20229f6a4a (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < d74b4b297097bd361b8a9abfde9b521ff464ea9c (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < 7f5a2ed5c1810661e6b03f5a4ebf17682cdea850 (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < 4950408793b118cb8075bcee1f033b543fb719fa (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < b9e26059664bd9ebc64a0e8f5216266fc9f84265 (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < 2bb3ee1bf237557daea1d58007d2e1d4a6502ccf (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < d888f5f5d76b2722c267e6bdf51d445d60647b7b (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < 530bc9f03a102fac95b07cda513bfc16ff69e0ee (git)
Affected: 71ebd71921e451f0f942ddfe85d01e31ddc6eb88 , < e43c608f40c065b30964f0a806348062991b802d (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:58:47.879822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:07.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:55.105Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/9p/trans_xen.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "692eb06703afc3e24d889d77e94a0e20229f6a4a",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "d74b4b297097bd361b8a9abfde9b521ff464ea9c",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "7f5a2ed5c1810661e6b03f5a4ebf17682cdea850",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "4950408793b118cb8075bcee1f033b543fb719fa",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "b9e26059664bd9ebc64a0e8f5216266fc9f84265",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "2bb3ee1bf237557daea1d58007d2e1d4a6502ccf",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "d888f5f5d76b2722c267e6bdf51d445d60647b7b",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "530bc9f03a102fac95b07cda513bfc16ff69e0ee",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            },
            {
              "lessThan": "e43c608f40c065b30964f0a806348062991b802d",
              "status": "affected",
              "version": "71ebd71921e451f0f942ddfe85d01e31ddc6eb88",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/9p/trans_xen.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/xen: fix release of IRQ\n\nKernel logs indicate an IRQ was double-freed.\n\nPass correct device ID during IRQ release.\n\n[Dominique: remove confusing variable reset to 0]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:53.550Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/692eb06703afc3e24d889d77e94a0e20229f6a4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d74b4b297097bd361b8a9abfde9b521ff464ea9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f5a2ed5c1810661e6b03f5a4ebf17682cdea850"
        },
        {
          "url": "https://git.kernel.org/stable/c/4950408793b118cb8075bcee1f033b543fb719fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9e26059664bd9ebc64a0e8f5216266fc9f84265"
        },
        {
          "url": "https://git.kernel.org/stable/c/2bb3ee1bf237557daea1d58007d2e1d4a6502ccf"
        },
        {
          "url": "https://git.kernel.org/stable/c/d888f5f5d76b2722c267e6bdf51d445d60647b7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/530bc9f03a102fac95b07cda513bfc16ff69e0ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/e43c608f40c065b30964f0a806348062991b802d"
        }
      ],
      "title": "9p/xen: fix release of IRQ",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56704",
    "datePublished": "2024-12-28T09:46:25.766Z",
    "dateReserved": "2024-12-27T15:00:39.856Z",
    "dateUpdated": "2025-11-03T20:52:55.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53183 (GCVE-0-2024-53183)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-01-05 10:55

Title

um: net: Do not use drvdata in release

Summary

In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the uml_net instance. Otherwise, removing a network device will result in a crash: RIP: 0033:net_device_release+0x10/0x6f RSP: 00000000e20c7c40 EFLAGS: 00010206 RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0 RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028 RBP: 00000000e20c7c50 R08: 00000000603ad594 R09: 00000000e20c7b70 R10: 000000000000135a R11: 00000000603ad422 R12: 0000000000000000 R13: 0000000062c7af00 R14: 0000000062406d60 R15: 00000000627700b6 Kernel panic - not syncing: Segfault with no mm CPU: 0 UID: 0 PID: 29 Comm: kworker/0:2 Not tainted 6.12.0-rc6-g59b723cd2adb #1 Workqueue: events mc_work_proc Stack: 627af028 62c7af00 e20c7c80 60276fcd 62778000 603f5820 627af028 00000000 e20c7cb0 603a2bcd 627af000 62770010 Call Trace: [<60276fcd>] device_release+0x70/0xba [<603a2bcd>] kobject_put+0xba/0xe7 [<60277265>] put_device+0x19/0x1c [<60281266>] platform_device_put+0x26/0x29 [<60281e5f>] platform_device_unregister+0x2c/0x2e [<6002ec9c>] net_remove+0x63/0x69 [<60031316>] ? mconsole_reply+0x0/0x50 [<600310c8>] mconsole_remove+0x160/0x1cc [<60087d40>] ? __remove_hrtimer+0x38/0x74 [<60087ff8>] ? hrtimer_try_to_cancel+0x8c/0x98 [<6006b3cf>] ? dl_server_stop+0x3f/0x48 [<6006b390>] ? dl_server_stop+0x0/0x48 [<600672e8>] ? dequeue_entities+0x327/0x390 [<60038fa6>] ? um_set_signals+0x0/0x43 [<6003070c>] mc_work_proc+0x77/0x91 [<60057664>] process_scheduled_works+0x1b3/0x2dd [<60055f32>] ? assign_work+0x0/0x58 [<60057f0a>] worker_thread+0x1e9/0x293 [<6005406f>] ? set_pf_worker+0x0/0x64 [<6005d65d>] ? arch_local_irq_save+0x0/0x2d [<6005d748>] ? kthread_exit+0x0/0x3a [<60057d21>] ? worker_thread+0x0/0x293 [<6005dbf1>] kthread+0x126/0x12b [<600219c5>] new_thread_handler+0x85/0xb6

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b174ab33aaafd556a…
	https://git.kernel.org/stable/c/8d9d174d3f55daaf5…
	https://git.kernel.org/stable/c/6be99d4c117b9642a…
	https://git.kernel.org/stable/c/1635d9a0ff1b8bd7a…
	https://git.kernel.org/stable/c/160cd5f956d191eb9…
	https://git.kernel.org/stable/c/cdbd5a1dcdc2c27ac…
	https://git.kernel.org/stable/c/468c2e5394afc848e…
	https://git.kernel.org/stable/c/f04cd022ee1fde219…
	https://git.kernel.org/stable/c/d1db692a9be3b4bd3…

Impacted products

Vendor

Product

Version

Linux

Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < b174ab33aaafd556a1ead72fa8e35d70b6fb1e39 (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < 8d9d174d3f55daaf5e7b48e9d7f53c723adbed86 (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < 6be99d4c117b9642a44d9f54f034b67615be2b2b (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < 1635d9a0ff1b8bd7aa4767d4ea7b3de72cd36f28 (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < 160cd5f956d191eb97664afd31ca59284c08d876 (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < cdbd5a1dcdc2c27ac076f91b03b9add3fefa1a82 (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < 468c2e5394afc848efb1eae6e1961a3c855cf35e (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < f04cd022ee1fde219e0db1086c27a0a5ba1914db (git)
Affected: 2e3f5251ac716879df6b6271f243f657c6e02e9a , < d1db692a9be3b4bd3473b64fcae996afaffe8438 (git)

Linux

Affected: 2.6.22
Unaffected: 0 , < 2.6.22 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:18.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/net_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b174ab33aaafd556a1ead72fa8e35d70b6fb1e39",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "8d9d174d3f55daaf5e7b48e9d7f53c723adbed86",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "6be99d4c117b9642a44d9f54f034b67615be2b2b",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "1635d9a0ff1b8bd7aa4767d4ea7b3de72cd36f28",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "160cd5f956d191eb97664afd31ca59284c08d876",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "cdbd5a1dcdc2c27ac076f91b03b9add3fefa1a82",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "468c2e5394afc848efb1eae6e1961a3c855cf35e",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "f04cd022ee1fde219e0db1086c27a0a5ba1914db",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            },
            {
              "lessThan": "d1db692a9be3b4bd3473b64fcae996afaffe8438",
              "status": "affected",
              "version": "2e3f5251ac716879df6b6271f243f657c6e02e9a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/net_kern.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.22"
            },
            {
              "lessThan": "2.6.22",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: net: Do not use drvdata in release\n\nThe drvdata is not available in release. Let\u0027s just use container_of()\nto get the uml_net instance. Otherwise, removing a network device will\nresult in a crash:\n\nRIP: 0033:net_device_release+0x10/0x6f\nRSP: 00000000e20c7c40  EFLAGS: 00010206\nRAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0\nRDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028\nRBP: 00000000e20c7c50 R08: 00000000603ad594 R09: 00000000e20c7b70\nR10: 000000000000135a R11: 00000000603ad422 R12: 0000000000000000\nR13: 0000000062c7af00 R14: 0000000062406d60 R15: 00000000627700b6\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 UID: 0 PID: 29 Comm: kworker/0:2 Not tainted 6.12.0-rc6-g59b723cd2adb #1\nWorkqueue: events mc_work_proc\nStack:\n 627af028 62c7af00 e20c7c80 60276fcd\n 62778000 603f5820 627af028 00000000\n e20c7cb0 603a2bcd 627af000 62770010\nCall Trace:\n [\u003c60276fcd\u003e] device_release+0x70/0xba\n [\u003c603a2bcd\u003e] kobject_put+0xba/0xe7\n [\u003c60277265\u003e] put_device+0x19/0x1c\n [\u003c60281266\u003e] platform_device_put+0x26/0x29\n [\u003c60281e5f\u003e] platform_device_unregister+0x2c/0x2e\n [\u003c6002ec9c\u003e] net_remove+0x63/0x69\n [\u003c60031316\u003e] ? mconsole_reply+0x0/0x50\n [\u003c600310c8\u003e] mconsole_remove+0x160/0x1cc\n [\u003c60087d40\u003e] ? __remove_hrtimer+0x38/0x74\n [\u003c60087ff8\u003e] ? hrtimer_try_to_cancel+0x8c/0x98\n [\u003c6006b3cf\u003e] ? dl_server_stop+0x3f/0x48\n [\u003c6006b390\u003e] ? dl_server_stop+0x0/0x48\n [\u003c600672e8\u003e] ? dequeue_entities+0x327/0x390\n [\u003c60038fa6\u003e] ? um_set_signals+0x0/0x43\n [\u003c6003070c\u003e] mc_work_proc+0x77/0x91\n [\u003c60057664\u003e] process_scheduled_works+0x1b3/0x2dd\n [\u003c60055f32\u003e] ? assign_work+0x0/0x58\n [\u003c60057f0a\u003e] worker_thread+0x1e9/0x293\n [\u003c6005406f\u003e] ? set_pf_worker+0x0/0x64\n [\u003c6005d65d\u003e] ? arch_local_irq_save+0x0/0x2d\n [\u003c6005d748\u003e] ? kthread_exit+0x0/0x3a\n [\u003c60057d21\u003e] ? worker_thread+0x0/0x293\n [\u003c6005dbf1\u003e] kthread+0x126/0x12b\n [\u003c600219c5\u003e] new_thread_handler+0x85/0xb6"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:46.811Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b174ab33aaafd556a1ead72fa8e35d70b6fb1e39"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d9d174d3f55daaf5e7b48e9d7f53c723adbed86"
        },
        {
          "url": "https://git.kernel.org/stable/c/6be99d4c117b9642a44d9f54f034b67615be2b2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1635d9a0ff1b8bd7aa4767d4ea7b3de72cd36f28"
        },
        {
          "url": "https://git.kernel.org/stable/c/160cd5f956d191eb97664afd31ca59284c08d876"
        },
        {
          "url": "https://git.kernel.org/stable/c/cdbd5a1dcdc2c27ac076f91b03b9add3fefa1a82"
        },
        {
          "url": "https://git.kernel.org/stable/c/468c2e5394afc848efb1eae6e1961a3c855cf35e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f04cd022ee1fde219e0db1086c27a0a5ba1914db"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1db692a9be3b4bd3473b64fcae996afaffe8438"
        }
      ],
      "title": "um: net: Do not use drvdata in release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53183",
    "datePublished": "2024-12-27T13:49:26.351Z",
    "dateReserved": "2024-11-19T17:17:25.009Z",
    "dateUpdated": "2026-01-05T10:55:46.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56785 (GCVE-0-2024-56785)

Vulnerability from cvelistv5 – Published: 2025-01-08 17:52 – Updated: 2026-01-05 10:56

Title

MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a

Summary

In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite 'interrupt_provider' And a runtime warning introduced in commit 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling"): WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0 Missing '#address-cells' in /bus@10000000/pci@1a000000/pci_bridge@9,0 The fix is similar to commit d89a415ff8d5 ("MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a"), which has fixed the issue for ls2k (despite its subject mentions ls7a).

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5a2eaa3ad2b803c7e…
	https://git.kernel.org/stable/c/a7fd78075031871bc…
	https://git.kernel.org/stable/c/c8ee41fc3522c6659…
	https://git.kernel.org/stable/c/8ef9ea1503d0a129c…
	https://git.kernel.org/stable/c/01575f2ff8ba578a3…
	https://git.kernel.org/stable/c/4fbd66d8254cedfd1…

Impacted products

Vendor

Product

Version

Linux

Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 5a2eaa3ad2b803c7ea442c6db7379466ee73c024 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < a7fd78075031871bc68fc56fdaa6e7a3934064b1 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < c8ee41fc3522c6659e324d90bc2ccd3b6310d7fc (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 8ef9ea1503d0a129cc6f5cf48fb63633efa5d766 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 01575f2ff8ba578a3436f230668bd056dc2eb823 (git)
Affected: 24af105962c8004edb9f5bf84bc587cbb30e52de , < 4fbd66d8254cedfd1218393f39d83b6c07a01917 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56785",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:56:08.899227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:23.234Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:23.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/boot/dts/loongson/ls7a-pch.dtsi"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a2eaa3ad2b803c7ea442c6db7379466ee73c024",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "a7fd78075031871bc68fc56fdaa6e7a3934064b1",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "c8ee41fc3522c6659e324d90bc2ccd3b6310d7fc",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "8ef9ea1503d0a129cc6f5cf48fb63633efa5d766",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "01575f2ff8ba578a3436f230668bd056dc2eb823",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            },
            {
              "lessThan": "4fbd66d8254cedfd1218393f39d83b6c07a01917",
              "status": "affected",
              "version": "24af105962c8004edb9f5bf84bc587cbb30e52de",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/boot/dts/loongson/ls7a-pch.dtsi"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a\n\nFix the dtc warnings:\n\n    arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: \u0027#interrupt-cells\u0027 found, but node is not an interrupt provider\n    arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: \u0027#interrupt-cells\u0027 found, but node is not an interrupt provider\n    arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite \u0027interrupt_provider\u0027\n\nAnd a runtime warning introduced in commit 045b14ca5c36 (\"of: WARN on\ndeprecated #address-cells/#size-cells handling\"):\n\n    WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0\n    Missing \u0027#address-cells\u0027 in /bus@10000000/pci@1a000000/pci_bridge@9,0\n\nThe fix is similar to commit d89a415ff8d5 (\"MIPS: Loongson64: DTS: Fix PCIe\nport nodes for ls7a\"), which has fixed the issue for ls2k (despite its\nsubject mentions ls7a)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:21.534Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a2eaa3ad2b803c7ea442c6db7379466ee73c024"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7fd78075031871bc68fc56fdaa6e7a3934064b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8ee41fc3522c6659e324d90bc2ccd3b6310d7fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ef9ea1503d0a129cc6f5cf48fb63633efa5d766"
        },
        {
          "url": "https://git.kernel.org/stable/c/01575f2ff8ba578a3436f230668bd056dc2eb823"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fbd66d8254cedfd1218393f39d83b6c07a01917"
        }
      ],
      "title": "MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56785",
    "datePublished": "2025-01-08T17:52:01.312Z",
    "dateReserved": "2024-12-29T11:26:39.769Z",
    "dateUpdated": "2026-01-05T10:56:21.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53237 (GCVE-0-2024-53237)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2025-11-03 20:48

Title

Bluetooth: fix use-after-free in device_for_each_child()

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980 CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x100/0x190 ? device_for_each_child+0x18f/0x1a0 print_report+0x13a/0x4cb ? __virt_addr_valid+0x5e/0x590 ? __phys_addr+0xc6/0x150 ? device_for_each_child+0x18f/0x1a0 kasan_report+0xda/0x110 ? device_for_each_child+0x18f/0x1a0 ? __pfx_dev_memalloc_noio+0x10/0x10 device_for_each_child+0x18f/0x1a0 ? __pfx_device_for_each_child+0x10/0x10 pm_runtime_set_memalloc_noio+0xf2/0x180 netdev_unregister_kobject+0x1ed/0x270 unregister_netdevice_many_notify+0x123c/0x1d80 ? __mutex_trylock_common+0xde/0x250 ? __pfx_unregister_netdevice_many_notify+0x10/0x10 ? trace_contention_end+0xe6/0x140 ? __mutex_lock+0x4e7/0x8f0 ? __pfx_lock_acquire.part.0+0x10/0x10 ? rcu_is_watching+0x12/0xc0 ? unregister_netdev+0x12/0x30 unregister_netdevice_queue+0x30d/0x3f0 ? __pfx_unregister_netdevice_queue+0x10/0x10 ? __pfx_down_write+0x10/0x10 unregister_netdev+0x1c/0x30 bnep_session+0x1fb3/0x2ab0 ? __pfx_bnep_session+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? __pfx_woken_wake_function+0x10/0x10 ? __kthread_parkme+0x132/0x200 ? __pfx_bnep_session+0x10/0x10 ? kthread+0x13a/0x370 ? __pfx_bnep_session+0x10/0x10 kthread+0x2b7/0x370 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x48/0x80 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 4974: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 __kmalloc_noprof+0x1d1/0x440 hci_alloc_dev_priv+0x1d/0x2820 __vhci_create_device+0xef/0x7d0 vhci_write+0x2c7/0x480 vfs_write+0x6a0/0xfc0 ksys_write+0x12f/0x260 do_syscall_64+0xc7/0x250 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 4979: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x4f/0x70 kfree+0x141/0x490 hci_release_dev+0x4d9/0x600 bt_host_release+0x6a/0xb0 device_release+0xa4/0x240 kobject_put+0x1ec/0x5a0 put_device+0x1f/0x30 vhci_release+0x81/0xf0 __fput+0x3f6/0xb30 task_work_run+0x151/0x250 do_exit+0xa79/0x2c30 do_group_exit+0xd5/0x2a0 get_signal+0x1fcd/0x2210 arch_do_signal_or_restart+0x93/0x780 syscall_exit_to_user_mode+0x140/0x290 do_syscall_64+0xd4/0x250 entry_SYSCALL_64_after_hwframe+0x77/0x7f In 'hci_conn_del_sysfs()', 'device_unregister()' may be called when an underlying (kobject) reference counter is greater than 1. This means that reparenting (happened when the device is actually freed) is delayed and, during that delay, parent controller device (hciX) may be deleted. Since the latter may create a dangling pointer to freed parent, avoid that scenario by reparenting to NULL explicitly.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6894717a1ea363c5a…
	https://git.kernel.org/stable/c/fb91ce37dc9a37ea2…
	https://git.kernel.org/stable/c/a9584c897d1cba626…
	https://git.kernel.org/stable/c/0f67ca2a80acf8b20…
	https://git.kernel.org/stable/c/de5a44f351ca7efd9…
	https://git.kernel.org/stable/c/91e2a2e4d13363338…
	https://git.kernel.org/stable/c/7b277bd569bb6a277…
	https://git.kernel.org/stable/c/27aabf27fd014ae03…

Impacted products

Vendor

Product

Version

Linux

Affected: 3c4236f1b2a715e878a06599fa8b0cc21f165d28 , < 6894717a1ea363c5a27010ba604f957c309d282d (git)
Affected: 53d61daf35b1bbf3ae06e852ee107aa2f05b3776 , < fb91ce37dc9a37ea23cf32b6d7b667004e93d4c5 (git)
Affected: ba7088769800d9892a7e4f35c3137a5b3e65410b , < a9584c897d1cba6265c78010bbb45ca5722c88bc (git)
Affected: 87624b1f9b781549e69f92db7ede012a21cec275 , < 0f67ca2a80acf8b207240405b7f72d660665d3df (git)
Affected: 56a4fdde95ed98d864611155f6728983e199e198 , < de5a44f351ca7efd9add9851b218f5353e2224b7 (git)
Affected: a85fb91e3d728bdfc80833167e8162cce8bc7004 , < 91e2a2e4d1336333804cd31162984f01ad8cc70f (git)
Affected: a85fb91e3d728bdfc80833167e8162cce8bc7004 , < 7b277bd569bb6a2777f0014f84b4344f444fd49d (git)
Affected: a85fb91e3d728bdfc80833167e8162cce8bc7004 , < 27aabf27fd014ae037cc179c61b0bee7cff55b3d (git)
Affected: 5c53afc766e07098429520b7677eaa164b593451 (git)
Affected: fc666d1b47518a18519241cae213de1babd4a4ba (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 5.4.297 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53237",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:43:02.570092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:25.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:05.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6894717a1ea363c5a27010ba604f957c309d282d",
              "status": "affected",
              "version": "3c4236f1b2a715e878a06599fa8b0cc21f165d28",
              "versionType": "git"
            },
            {
              "lessThan": "fb91ce37dc9a37ea23cf32b6d7b667004e93d4c5",
              "status": "affected",
              "version": "53d61daf35b1bbf3ae06e852ee107aa2f05b3776",
              "versionType": "git"
            },
            {
              "lessThan": "a9584c897d1cba6265c78010bbb45ca5722c88bc",
              "status": "affected",
              "version": "ba7088769800d9892a7e4f35c3137a5b3e65410b",
              "versionType": "git"
            },
            {
              "lessThan": "0f67ca2a80acf8b207240405b7f72d660665d3df",
              "status": "affected",
              "version": "87624b1f9b781549e69f92db7ede012a21cec275",
              "versionType": "git"
            },
            {
              "lessThan": "de5a44f351ca7efd9add9851b218f5353e2224b7",
              "status": "affected",
              "version": "56a4fdde95ed98d864611155f6728983e199e198",
              "versionType": "git"
            },
            {
              "lessThan": "91e2a2e4d1336333804cd31162984f01ad8cc70f",
              "status": "affected",
              "version": "a85fb91e3d728bdfc80833167e8162cce8bc7004",
              "versionType": "git"
            },
            {
              "lessThan": "7b277bd569bb6a2777f0014f84b4344f444fd49d",
              "status": "affected",
              "version": "a85fb91e3d728bdfc80833167e8162cce8bc7004",
              "versionType": "git"
            },
            {
              "lessThan": "27aabf27fd014ae037cc179c61b0bee7cff55b3d",
              "status": "affected",
              "version": "a85fb91e3d728bdfc80833167e8162cce8bc7004",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "5c53afc766e07098429520b7677eaa164b593451",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fc666d1b47518a18519241cae213de1babd4a4ba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "5.4.262",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10.202",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15.140",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "6.1.64",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "6.6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.300",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix use-after-free in device_for_each_child()\n\nSyzbot has reported the following KASAN splat:\n\nBUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0\nRead of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980\n\nCPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x100/0x190\n ? device_for_each_child+0x18f/0x1a0\n print_report+0x13a/0x4cb\n ? __virt_addr_valid+0x5e/0x590\n ? __phys_addr+0xc6/0x150\n ? device_for_each_child+0x18f/0x1a0\n kasan_report+0xda/0x110\n ? device_for_each_child+0x18f/0x1a0\n ? __pfx_dev_memalloc_noio+0x10/0x10\n device_for_each_child+0x18f/0x1a0\n ? __pfx_device_for_each_child+0x10/0x10\n pm_runtime_set_memalloc_noio+0xf2/0x180\n netdev_unregister_kobject+0x1ed/0x270\n unregister_netdevice_many_notify+0x123c/0x1d80\n ? __mutex_trylock_common+0xde/0x250\n ? __pfx_unregister_netdevice_many_notify+0x10/0x10\n ? trace_contention_end+0xe6/0x140\n ? __mutex_lock+0x4e7/0x8f0\n ? __pfx_lock_acquire.part.0+0x10/0x10\n ? rcu_is_watching+0x12/0xc0\n ? unregister_netdev+0x12/0x30\n unregister_netdevice_queue+0x30d/0x3f0\n ? __pfx_unregister_netdevice_queue+0x10/0x10\n ? __pfx_down_write+0x10/0x10\n unregister_netdev+0x1c/0x30\n bnep_session+0x1fb3/0x2ab0\n ? __pfx_bnep_session+0x10/0x10\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_woken_wake_function+0x10/0x10\n ? __kthread_parkme+0x132/0x200\n ? __pfx_bnep_session+0x10/0x10\n ? kthread+0x13a/0x370\n ? __pfx_bnep_session+0x10/0x10\n kthread+0x2b7/0x370\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x48/0x80\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 4974:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n __kmalloc_noprof+0x1d1/0x440\n hci_alloc_dev_priv+0x1d/0x2820\n __vhci_create_device+0xef/0x7d0\n vhci_write+0x2c7/0x480\n vfs_write+0x6a0/0xfc0\n ksys_write+0x12f/0x260\n do_syscall_64+0xc7/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 4979:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x4f/0x70\n kfree+0x141/0x490\n hci_release_dev+0x4d9/0x600\n bt_host_release+0x6a/0xb0\n device_release+0xa4/0x240\n kobject_put+0x1ec/0x5a0\n put_device+0x1f/0x30\n vhci_release+0x81/0xf0\n __fput+0x3f6/0xb30\n task_work_run+0x151/0x250\n do_exit+0xa79/0x2c30\n do_group_exit+0xd5/0x2a0\n get_signal+0x1fcd/0x2210\n arch_do_signal_or_restart+0x93/0x780\n syscall_exit_to_user_mode+0x140/0x290\n do_syscall_64+0xd4/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn \u0027hci_conn_del_sysfs()\u0027, \u0027device_unregister()\u0027 may be called when\nan underlying (kobject) reference counter is greater than 1. This\nmeans that reparenting (happened when the device is actually freed)\nis delayed and, during that delay, parent controller device (hciX)\nmay be deleted. Since the latter may create a dangling pointer to\nfreed parent, avoid that scenario by reparenting to NULL explicitly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:42:43.417Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6894717a1ea363c5a27010ba604f957c309d282d"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb91ce37dc9a37ea23cf32b6d7b667004e93d4c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9584c897d1cba6265c78010bbb45ca5722c88bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f67ca2a80acf8b207240405b7f72d660665d3df"
        },
        {
          "url": "https://git.kernel.org/stable/c/de5a44f351ca7efd9add9851b218f5353e2224b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/91e2a2e4d1336333804cd31162984f01ad8cc70f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b277bd569bb6a2777f0014f84b4344f444fd49d"
        },
        {
          "url": "https://git.kernel.org/stable/c/27aabf27fd014ae037cc179c61b0bee7cff55b3d"
        }
      ],
      "title": "Bluetooth: fix use-after-free in device_for_each_child()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53237",
    "datePublished": "2024-12-27T13:50:23.150Z",
    "dateReserved": "2024-11-19T17:17:25.026Z",
    "dateUpdated": "2025-11-03T20:48:05.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57929 (GCVE-0-2024-57929)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

dm array: fix releasing a faulty array block twice in dm_array_cursor_end

Summary

In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty array block, causing a double release in dm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put(). Reproduce steps: 1. initialize a cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. wipe the second array block offline dmsteup remove cache cmeta cdata corig mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \ 2>/dev/null | hexdump -e '1/8 "%u\n"') ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \ 2>/dev/null | hexdump -e '1/8 "%u\n"') dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock 3. try reopen the cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) device-mapper: array: array_block_check failed: blocknr 0 != wanted 10 device-mapper: block manager: array validator check failed for block 10 device-mapper: array: get_ablock failed device-mapper: cache metadata: dm_array_cursor_next for mapping failed ------------[ cut here ]------------ kernel BUG at drivers/md/dm-bufio.c:638! Fix by setting the cached block pointer to NULL on errors. In addition to the reproducer described above, this fix can be verified using the "array_cursor/damaged" test in dm-unit: dm-unit run /pdata/array_cursor/damaged --kernel-dir <KERNEL_DIR>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9c7c03d0e926762ad…
	https://git.kernel.org/stable/c/fc1ef07c3522e257e…
	https://git.kernel.org/stable/c/738994872d77e189b…
	https://git.kernel.org/stable/c/e477021d252c007f0…
	https://git.kernel.org/stable/c/6002bec5354f86d1a…
	https://git.kernel.org/stable/c/017c4470bff535853…
	https://git.kernel.org/stable/c/f2893c0804d86230f…

Impacted products

Vendor

Product

Version

Linux

Affected: fdd1315aa5f022fe6574efdc2d9535f75a0ee255 , < 9c7c03d0e926762adf3a3a0ba86156fb5e19538b (git)
Affected: fdd1315aa5f022fe6574efdc2d9535f75a0ee255 , < fc1ef07c3522e257e32702954f265debbcb096a7 (git)
Affected: fdd1315aa5f022fe6574efdc2d9535f75a0ee255 , < 738994872d77e189b2d13c501a1d145e95d98f46 (git)
Affected: fdd1315aa5f022fe6574efdc2d9535f75a0ee255 , < e477021d252c007f0c6d45b5d13d341efed03979 (git)
Affected: fdd1315aa5f022fe6574efdc2d9535f75a0ee255 , < 6002bec5354f86d1a2df21468f68e3ec03ede9da (git)
Affected: fdd1315aa5f022fe6574efdc2d9535f75a0ee255 , < 017c4470bff53585370028fec9341247bad358ff (git)
Affected: fdd1315aa5f022fe6574efdc2d9535f75a0ee255 , < f2893c0804d86230ffb8f1c8703fdbb18648abc8 (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:57.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/persistent-data/dm-array.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9c7c03d0e926762adf3a3a0ba86156fb5e19538b",
              "status": "affected",
              "version": "fdd1315aa5f022fe6574efdc2d9535f75a0ee255",
              "versionType": "git"
            },
            {
              "lessThan": "fc1ef07c3522e257e32702954f265debbcb096a7",
              "status": "affected",
              "version": "fdd1315aa5f022fe6574efdc2d9535f75a0ee255",
              "versionType": "git"
            },
            {
              "lessThan": "738994872d77e189b2d13c501a1d145e95d98f46",
              "status": "affected",
              "version": "fdd1315aa5f022fe6574efdc2d9535f75a0ee255",
              "versionType": "git"
            },
            {
              "lessThan": "e477021d252c007f0c6d45b5d13d341efed03979",
              "status": "affected",
              "version": "fdd1315aa5f022fe6574efdc2d9535f75a0ee255",
              "versionType": "git"
            },
            {
              "lessThan": "6002bec5354f86d1a2df21468f68e3ec03ede9da",
              "status": "affected",
              "version": "fdd1315aa5f022fe6574efdc2d9535f75a0ee255",
              "versionType": "git"
            },
            {
              "lessThan": "017c4470bff53585370028fec9341247bad358ff",
              "status": "affected",
              "version": "fdd1315aa5f022fe6574efdc2d9535f75a0ee255",
              "versionType": "git"
            },
            {
              "lessThan": "f2893c0804d86230ffb8f1c8703fdbb18648abc8",
              "status": "affected",
              "version": "fdd1315aa5f022fe6574efdc2d9535f75a0ee255",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/persistent-data/dm-array.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm array: fix releasing a faulty array block twice in dm_array_cursor_end\n\nWhen dm_bm_read_lock() fails due to locking or checksum errors, it\nreleases the faulty block implicitly while leaving an invalid output\npointer behind. The caller of dm_bm_read_lock() should not operate on\nthis invalid dm_block pointer, or it will lead to undefined result.\nFor example, the dm_array_cursor incorrectly caches the invalid pointer\non reading a faulty array block, causing a double release in\ndm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put().\n\nReproduce steps:\n\n1. initialize a cache device\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc $262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. wipe the second array block offline\n\ndmsteup remove cache cmeta cdata corig\nmapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\\n2\u003e/dev/null | hexdump -e \u00271/8 \"%u\\n\"\u0027)\nablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\\n2\u003e/dev/null | hexdump -e \u00271/8 \"%u\\n\"\u0027)\ndd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock\n\n3. try reopen the cache device\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc $262144\"\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\nKernel logs:\n\n(snip)\ndevice-mapper: array: array_block_check failed: blocknr 0 != wanted 10\ndevice-mapper: block manager: array validator check failed for block 10\ndevice-mapper: array: get_ablock failed\ndevice-mapper: cache metadata: dm_array_cursor_next for mapping failed\n------------[ cut here ]------------\nkernel BUG at drivers/md/dm-bufio.c:638!\n\nFix by setting the cached block pointer to NULL on errors.\n\nIn addition to the reproducer described above, this fix can be\nverified using the \"array_cursor/damaged\" test in dm-unit:\n  dm-unit run /pdata/array_cursor/damaged --kernel-dir \u003cKERNEL_DIR\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:51.929Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9c7c03d0e926762adf3a3a0ba86156fb5e19538b"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc1ef07c3522e257e32702954f265debbcb096a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/738994872d77e189b2d13c501a1d145e95d98f46"
        },
        {
          "url": "https://git.kernel.org/stable/c/e477021d252c007f0c6d45b5d13d341efed03979"
        },
        {
          "url": "https://git.kernel.org/stable/c/6002bec5354f86d1a2df21468f68e3ec03ede9da"
        },
        {
          "url": "https://git.kernel.org/stable/c/017c4470bff53585370028fec9341247bad358ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2893c0804d86230ffb8f1c8703fdbb18648abc8"
        }
      ],
      "title": "dm array: fix releasing a faulty array block twice in dm_array_cursor_end",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57929",
    "datePublished": "2025-01-19T11:52:46.096Z",
    "dateReserved": "2025-01-19T11:50:08.376Z",
    "dateUpdated": "2025-11-03T20:55:57.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47101 (GCVE-0-2021-47101)

Vulnerability from cvelistv5 – Published: 2024-03-04 18:10 – Updated: 2025-05-04 07:04

Title

asix: fix uninit-value in asix_mdio_read()

Summary

In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497 asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d259f621c85949f30…
	https://git.kernel.org/stable/c/8035b1a2a37a29d8c…

Impacted products

Vendor

Product

Version

Linux

Affected: d9fe64e511144c1ee7d7555b4111f09dde9692ef , < d259f621c85949f30cc578cac813b82bb5169f56 (git)
Affected: d9fe64e511144c1ee7d7555b4111f09dde9692ef , < 8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 5.15.12 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47101",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T19:39:32.875993Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:05.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.894Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d259f621c85949f30cc578cac813b82bb5169f56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8035b1a2a37a29d8c717ef84fca8fe7278bc9f03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/asix_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d259f621c85949f30cc578cac813b82bb5169f56",
              "status": "affected",
              "version": "d9fe64e511144c1ee7d7555b4111f09dde9692ef",
              "versionType": "git"
            },
            {
              "lessThan": "8035b1a2a37a29d8c717ef84fca8fe7278bc9f03",
              "status": "affected",
              "version": "d9fe64e511144c1ee7d7555b4111f09dde9692ef",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/asix_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.12",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nasix: fix uninit-value in asix_mdio_read()\n\nasix_read_cmd() may read less than sizeof(smsr) bytes and in this case\nsmsr will be uninitialized.\n\nFail log:\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\nBUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\n asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:04:11.750Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d259f621c85949f30cc578cac813b82bb5169f56"
        },
        {
          "url": "https://git.kernel.org/stable/c/8035b1a2a37a29d8c717ef84fca8fe7278bc9f03"
        }
      ],
      "title": "asix: fix uninit-value in asix_mdio_read()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47101",
    "datePublished": "2024-03-04T18:10:54.117Z",
    "dateReserved": "2024-02-29T22:33:44.301Z",
    "dateUpdated": "2025-05-04T07:04:11.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49974 (GCVE-0-2024-49974)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

NFSD: Limit the number of concurrent async COPY operations

Summary

In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS vector. Add a restriction mechanism that bounds the number of concurrent background COPY operations. Start simple and try to be fair -- this patch implements a per-namespace limit. An async COPY request that occurs while this limit is exceeded gets NFS4ERR_DELAY. The requesting client can choose to send the request again after a delay or fall back to a traditional read/write style copy. If there is need to make the mechanism more sophisticated, we can visit that in future patches.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9e52ff544e0bfa09e…
	https://git.kernel.org/stable/c/43e46ee5efc03990b…
	https://git.kernel.org/stable/c/7ea9260874b779637…
	https://git.kernel.org/stable/c/ae267989b7b7933df…
	https://git.kernel.org/stable/c/b4e21431a0db4854b…
	https://git.kernel.org/stable/c/6a488ad7745b8f646…
	https://git.kernel.org/stable/c/aadc3bbea163b6caa…

Impacted products

Vendor

Product

Version

Linux

Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 9e52ff544e0bfa09ee339fd7b0937ee3c080c24e (git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf (git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 7ea9260874b779637aff6d24c344b8ef4ac862a0 (git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < ae267989b7b7933dfedcd26468d0a88fc3a9da9e (git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < b4e21431a0db4854b5023cd5af001be557e6c3db (git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 6a488ad7745b8f64625c6d3a24ce7e448e83f11b (git)
Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < aadc3bbea163b6caaaebfdd2b6c4667fbc726752 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:33:23.238318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:45.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:54.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/netns.h",
            "fs/nfsd/nfs4proc.c",
            "fs/nfsd/nfs4state.c",
            "fs/nfsd/xdr4.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9e52ff544e0bfa09ee339fd7b0937ee3c080c24e",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "7ea9260874b779637aff6d24c344b8ef4ac862a0",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "ae267989b7b7933dfedcd26468d0a88fc3a9da9e",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "b4e21431a0db4854b5023cd5af001be557e6c3db",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "6a488ad7745b8f64625c6d3a24ce7e448e83f11b",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "aadc3bbea163b6caaaebfdd2b6c4667fbc726752",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/netns.h",
            "fs/nfsd/nfs4proc.c",
            "fs/nfsd/nfs4state.c",
            "fs/nfsd/xdr4.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:33.931Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9e52ff544e0bfa09ee339fd7b0937ee3c080c24e"
        },
        {
          "url": "https://git.kernel.org/stable/c/43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ea9260874b779637aff6d24c344b8ef4ac862a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae267989b7b7933dfedcd26468d0a88fc3a9da9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b"
        },
        {
          "url": "https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752"
        }
      ],
      "title": "NFSD: Limit the number of concurrent async COPY operations",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49974",
    "datePublished": "2024-10-21T18:02:22.392Z",
    "dateReserved": "2024-10-21T12:17:06.052Z",
    "dateUpdated": "2025-11-03T22:23:54.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57939 (GCVE-0-2024-57939)

Vulnerability from cvelistv5 – Published: 2025-01-21 12:18 – Updated: 2025-11-03 20:56

Title

riscv: Fix sleeping in invalid context in die()

Summary

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex preempt_count: 110001, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 Hardware name: riscv-virtio,qemu (DT) Call Trace: dump_backtrace+0x1c/0x24 show_stack+0x2c/0x38 dump_stack_lvl+0x5a/0x72 dump_stack+0x14/0x1c __might_resched+0x130/0x13a rt_spin_lock+0x2a/0x5c die+0x24/0x112 do_trap_insn_illegal+0xa0/0xea _new_vmalloc_restore_context_a0+0xcc/0xd8 Oops - illegal instruction [#1] Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT enabled.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8c38baa03ac8e1814…
	https://git.kernel.org/stable/c/10c24df2e303f517f…
	https://git.kernel.org/stable/c/c21df31fc2a4afc02…
	https://git.kernel.org/stable/c/f48f060a4b36b5e96…
	https://git.kernel.org/stable/c/76ab0afcdbe8c9685…
	https://git.kernel.org/stable/c/6a97f4118ac07cfdc…

Impacted products

Vendor

Product

Version

Linux

Affected: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 , < 8c38baa03ac8e18140faf36a3b955d30cad48e74 (git)
Affected: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 , < 10c24df2e303f517fab0359392c11b6b1d553f2b (git)
Affected: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 , < c21df31fc2a4afc02a6e56511364e9e793ea92ec (git)
Affected: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 , < f48f060a4b36b5e96628f6c3fb1540f1e8dedb69 (git)
Affected: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 , < 76ab0afcdbe8c9685b589016ee1c0e25fe596707 (git)
Affected: 76d2a0493a17d4c8ecc781366850c3c4f8e1a446 , < 6a97f4118ac07cfdc316433f385dbdc12af5025e (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57939",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:52:46.665901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:13.873Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:56:06.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/kernel/traps.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8c38baa03ac8e18140faf36a3b955d30cad48e74",
              "status": "affected",
              "version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
              "versionType": "git"
            },
            {
              "lessThan": "10c24df2e303f517fab0359392c11b6b1d553f2b",
              "status": "affected",
              "version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
              "versionType": "git"
            },
            {
              "lessThan": "c21df31fc2a4afc02a6e56511364e9e793ea92ec",
              "status": "affected",
              "version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
              "versionType": "git"
            },
            {
              "lessThan": "f48f060a4b36b5e96628f6c3fb1540f1e8dedb69",
              "status": "affected",
              "version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
              "versionType": "git"
            },
            {
              "lessThan": "76ab0afcdbe8c9685b589016ee1c0e25fe596707",
              "status": "affected",
              "version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
              "versionType": "git"
            },
            {
              "lessThan": "6a97f4118ac07cfdc316433f385dbdc12af5025e",
              "status": "affected",
              "version": "76d2a0493a17d4c8ecc781366850c3c4f8e1a446",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/kernel/traps.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix sleeping in invalid context in die()\n\ndie() can be called in exception handler, and therefore cannot sleep.\nHowever, die() takes spinlock_t which can sleep with PREEMPT_RT enabled.\nThat causes the following warning:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex\npreempt_count: 110001, expected: 0\nRCU nest depth: 0, expected: 0\nCPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n    dump_backtrace+0x1c/0x24\n    show_stack+0x2c/0x38\n    dump_stack_lvl+0x5a/0x72\n    dump_stack+0x14/0x1c\n    __might_resched+0x130/0x13a\n    rt_spin_lock+0x2a/0x5c\n    die+0x24/0x112\n    do_trap_insn_illegal+0xa0/0xea\n    _new_vmalloc_restore_context_a0+0xcc/0xd8\nOops - illegal instruction [#1]\n\nSwitch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT\nenabled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:07:05.839Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8c38baa03ac8e18140faf36a3b955d30cad48e74"
        },
        {
          "url": "https://git.kernel.org/stable/c/10c24df2e303f517fab0359392c11b6b1d553f2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c21df31fc2a4afc02a6e56511364e9e793ea92ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/f48f060a4b36b5e96628f6c3fb1540f1e8dedb69"
        },
        {
          "url": "https://git.kernel.org/stable/c/76ab0afcdbe8c9685b589016ee1c0e25fe596707"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a97f4118ac07cfdc316433f385dbdc12af5025e"
        }
      ],
      "title": "riscv: Fix sleeping in invalid context in die()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57939",
    "datePublished": "2025-01-21T12:18:08.433Z",
    "dateReserved": "2025-01-19T11:50:08.378Z",
    "dateUpdated": "2025-11-03T20:56:06.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56531 (GCVE-0-2024-56531)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:11 – Updated: 2025-11-03 20:49

Title

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close. This patch also splits the code to the disconnect and the free phases; the former is called immediately at the USB disconnect callback while the latter is called from the card destructor.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3993edf44d3df7b6e…
	https://git.kernel.org/stable/c/ebad462eec93b0f70…
	https://git.kernel.org/stable/c/4dd821dcbfcecf7af…
	https://git.kernel.org/stable/c/cadf1d8e9ddcd7458…
	https://git.kernel.org/stable/c/237f3faf0177bdde7…
	https://git.kernel.org/stable/c/4507a8b9b30344c5d…
	https://git.kernel.org/stable/c/dd0de8cb708951ceb…
	https://git.kernel.org/stable/c/a3f9314752dbb6f6a…
	https://git.kernel.org/stable/c/b04dcbb7f7b190880…

Impacted products

Vendor

Product

Version

Linux

Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 3993edf44d3df7b6e8c753eac6ac8783473fcbab (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < ebad462eec93b0f701dfe4de98990e7355283801 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 4dd821dcbfcecf7af6a08370b0b217cde2818acf (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < cadf1d8e9ddcd74584ec961aeac14ac549b261d8 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 237f3faf0177bdde728fa3106d730d806436aa4d (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < 4507a8b9b30344c5ddd8219945f446d47e966a6d (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < dd0de8cb708951cebf727aa045e8242ba651bb52 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < a3f9314752dbb6f6aa1f0f2b4c58243bda800738 (git)
Affected: 523f1dce37434a9a6623bf46e7893e2b4b10ac3c , < b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c (git)

Linux

Affected: 2.6.22
Unaffected: 0 , < 2.6.22 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56531",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:02:52.447796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:17.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:10.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/caiaq/audio.c",
            "sound/usb/caiaq/audio.h",
            "sound/usb/caiaq/device.c",
            "sound/usb/caiaq/input.c",
            "sound/usb/caiaq/input.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3993edf44d3df7b6e8c753eac6ac8783473fcbab",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "ebad462eec93b0f701dfe4de98990e7355283801",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "4dd821dcbfcecf7af6a08370b0b217cde2818acf",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "cadf1d8e9ddcd74584ec961aeac14ac549b261d8",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "237f3faf0177bdde728fa3106d730d806436aa4d",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "4507a8b9b30344c5ddd8219945f446d47e966a6d",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "dd0de8cb708951cebf727aa045e8242ba651bb52",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "a3f9314752dbb6f6aa1f0f2b4c58243bda800738",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            },
            {
              "lessThan": "b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c",
              "status": "affected",
              "version": "523f1dce37434a9a6623bf46e7893e2b4b10ac3c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/caiaq/audio.c",
            "sound/usb/caiaq/audio.h",
            "sound/usb/caiaq/device.c",
            "sound/usb/caiaq/input.c",
            "sound/usb/caiaq/input.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.22"
            },
            {
              "lessThan": "2.6.22",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: caiaq: Use snd_card_free_when_closed() at disconnection\n\nThe USB disconnect callback is supposed to be short and not too-long\nwaiting.  OTOH, the current code uses snd_card_free() at\ndisconnection, but this waits for the close of all used fds, hence it\ncan take long.  It eventually blocks the upper layer USB ioctls, which\nmay trigger a soft lockup.\n\nAn easy workaround is to replace snd_card_free() with\nsnd_card_free_when_closed().  This variant returns immediately while\nthe release of resources is done asynchronously by the card device\nrelease at the last close.\n\nThis patch also splits the code to the disconnect and the free phases;\nthe former is called immediately at the USB disconnect callback while\nthe latter is called from the card destructor."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:26.124Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3993edf44d3df7b6e8c753eac6ac8783473fcbab"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebad462eec93b0f701dfe4de98990e7355283801"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dd821dcbfcecf7af6a08370b0b217cde2818acf"
        },
        {
          "url": "https://git.kernel.org/stable/c/cadf1d8e9ddcd74584ec961aeac14ac549b261d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/237f3faf0177bdde728fa3106d730d806436aa4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4507a8b9b30344c5ddd8219945f446d47e966a6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd0de8cb708951cebf727aa045e8242ba651bb52"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3f9314752dbb6f6aa1f0f2b4c58243bda800738"
        },
        {
          "url": "https://git.kernel.org/stable/c/b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c"
        }
      ],
      "title": "ALSA: caiaq: Use snd_card_free_when_closed() at disconnection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56531",
    "datePublished": "2024-12-27T14:11:14.161Z",
    "dateReserved": "2024-12-27T14:03:05.984Z",
    "dateUpdated": "2025-11-03T20:49:10.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21700 (GCVE-0-2025-21700)

Vulnerability from cvelistv5 – Published: 2025-02-13 11:30 – Updated: 2025-11-03 19:35

Title

net: sched: Disallow replacing of child qdisc from one parent to another

Summary

In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to graft qdisc to tc class add dev lo classid 1:3 drr step5. tc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024 step6. tc qdisc add dev lo parent 1:2 handle 3:0 drr step7. tc class add dev lo classid 3:1 drr step 8. tc qdisc add dev lo parent 3:1 handle 4:0 pfifo step 9. Display the class/qdisc layout tc class ls dev lo class drr 1:1 root leaf 2: quantum 64Kb class drr 1:2 root leaf 3: quantum 64Kb class drr 3:1 root leaf 4: quantum 64Kb tc qdisc ls qdisc drr 1: dev lo root refcnt 2 qdisc plug 2: dev lo parent 1:1 qdisc pfifo 4: dev lo parent 3:1 limit 1000p qdisc drr 3: dev lo parent 1:2 step10. trigger the bug <=== prevented by this patch tc qdisc replace dev lo parent 1:3 handle 4:0 step 11. Redisplay again the qdiscs/classes tc class ls dev lo class drr 1:1 root leaf 2: quantum 64Kb class drr 1:2 root leaf 3: quantum 64Kb class drr 1:3 root leaf 4: quantum 64Kb class drr 3:1 root leaf 4: quantum 64Kb tc qdisc ls qdisc drr 1: dev lo root refcnt 2 qdisc plug 2: dev lo parent 1:1 qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p qdisc drr 3: dev lo parent 1:2 Observe that a) parent for 4:0 does not change despite the replace request. There can only be one parent. b) refcount has gone up by two for 4:0 and c) both class 1:3 and 3:1 are pointing to it. Step 12. send one packet to plug echo "" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001)) step13. send one packet to the grafted fifo echo "" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003)) step14. lets trigger the uaf tc class delete dev lo classid 1:3 tc class delete dev lo classid 1:1 The semantics of "replace" is for a del/add _on the same node_ and not a delete from one node(3:1) and add to another node (1:3) as in step10. While we could "fix" with a more complex approach there could be consequences to expectations so the patch takes the preventive approach of "disallow such config". Joint work with Lion Ackermann <nnamrec@gmail.com>

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cd796e269123e1994…
	https://git.kernel.org/stable/c/fe18c21d67dc7d1bc…
	https://git.kernel.org/stable/c/38646749d6e12f9d8…
	https://git.kernel.org/stable/c/deda09c0543a66fa5…
	https://git.kernel.org/stable/c/7e2bd8c13b07e29a2…
	https://git.kernel.org/stable/c/73c7e1d6898ccbeee…
	https://git.kernel.org/stable/c/46c59ec33ec98aba2…
	https://git.kernel.org/stable/c/bc50835e83f60f56e…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cd796e269123e1994bfc4e99dd76680ba0946a97 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fe18c21d67dc7d1bcce1bba56515b1b0306db19b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 38646749d6e12f9d80a08d21ca39f0beca20230d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < deda09c0543a66fa51554abc5ffd723d99b191bf (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7e2bd8c13b07e29a247c023c7444df23f9a79fd8 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 73c7e1d6898ccbeee126194dcc05f58b8a795e70 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 46c59ec33ec98aba20c15117630cae43a01404cc (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bc50835e83f60f56e9bec2b392fb5544f250fb6f (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.291 , ≤ 5.4.* (semver)
Unaffected: 5.10.235 , ≤ 5.10.* (semver)
Unaffected: 5.15.179 , ≤ 5.15.* (semver)
Unaffected: 6.1.129 , ≤ 6.1.* (semver)
Unaffected: 6.6.76 , ≤ 6.6.* (semver)
Unaffected: 6.12.13 , ≤ 6.12.* (semver)
Unaffected: 6.13.2 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T13:51:43.457867Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T13:51:59.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:46.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cd796e269123e1994bfc4e99dd76680ba0946a97",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fe18c21d67dc7d1bcce1bba56515b1b0306db19b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "38646749d6e12f9d80a08d21ca39f0beca20230d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "deda09c0543a66fa51554abc5ffd723d99b191bf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7e2bd8c13b07e29a247c023c7444df23f9a79fd8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "73c7e1d6898ccbeee126194dcc05f58b8a795e70",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "46c59ec33ec98aba20c15117630cae43a01404cc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bc50835e83f60f56e9bec2b392fb5544f250fb6f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.76",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent.  b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12.  send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13.  send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:19:16.975Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cd796e269123e1994bfc4e99dd76680ba0946a97"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe18c21d67dc7d1bcce1bba56515b1b0306db19b"
        },
        {
          "url": "https://git.kernel.org/stable/c/38646749d6e12f9d80a08d21ca39f0beca20230d"
        },
        {
          "url": "https://git.kernel.org/stable/c/deda09c0543a66fa51554abc5ffd723d99b191bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e2bd8c13b07e29a247c023c7444df23f9a79fd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/73c7e1d6898ccbeee126194dcc05f58b8a795e70"
        },
        {
          "url": "https://git.kernel.org/stable/c/46c59ec33ec98aba20c15117630cae43a01404cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc50835e83f60f56e9bec2b392fb5544f250fb6f"
        }
      ],
      "title": "net: sched: Disallow replacing of child qdisc from one parent to another",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21700",
    "datePublished": "2025-02-13T11:30:19.003Z",
    "dateReserved": "2024-12-29T08:45:45.748Z",
    "dateUpdated": "2025-11-03T19:35:46.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56643 (GCVE-0-2024-56643)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

dccp: Fix memory leak in dccp_feat_change_recv

Summary

In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline] [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline] [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Clean up the allocated memory in case of dccp_feat_push_confirm() failure and bail out with an error reset code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/623be080ab3c13d71…
	https://git.kernel.org/stable/c/c99507fff94b926fc…
	https://git.kernel.org/stable/c/bc3d4423def1a9412…
	https://git.kernel.org/stable/c/6ff67909ee2ffad91…
	https://git.kernel.org/stable/c/d3ec686a369fae503…
	https://git.kernel.org/stable/c/9ee68b0f23706a77f…
	https://git.kernel.org/stable/c/22be4727a8f898442…

Impacted products

Vendor

Product

Version

Linux

Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 623be080ab3c13d71570bd32f7202a8efa8e2252 (git)
Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < c99507fff94b926fc92279c92d80f229c91cb85d (git)
Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < bc3d4423def1a9412a0ae454cb4477089ab79276 (git)
Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 6ff67909ee2ffad911e3122616df41dee23ff4f6 (git)
Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < d3ec686a369fae5034303061f003cd3f94ddfd23 (git)
Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 9ee68b0f23706a77f53c832457b9384178b76421 (git)
Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 22be4727a8f898442066bcac34f8a1ad0bc72e14 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56643",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T20:10:38.316606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T20:15:52.853Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:45.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/dccp/feat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "623be080ab3c13d71570bd32f7202a8efa8e2252",
              "status": "affected",
              "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
              "versionType": "git"
            },
            {
              "lessThan": "c99507fff94b926fc92279c92d80f229c91cb85d",
              "status": "affected",
              "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
              "versionType": "git"
            },
            {
              "lessThan": "bc3d4423def1a9412a0ae454cb4477089ab79276",
              "status": "affected",
              "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
              "versionType": "git"
            },
            {
              "lessThan": "6ff67909ee2ffad911e3122616df41dee23ff4f6",
              "status": "affected",
              "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
              "versionType": "git"
            },
            {
              "lessThan": "d3ec686a369fae5034303061f003cd3f94ddfd23",
              "status": "affected",
              "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
              "versionType": "git"
            },
            {
              "lessThan": "9ee68b0f23706a77f53c832457b9384178b76421",
              "status": "affected",
              "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
              "versionType": "git"
            },
            {
              "lessThan": "22be4727a8f898442066bcac34f8a1ad0bc72e14",
              "status": "affected",
              "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/dccp/feat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation (\u0027entry == NULL\u0027 branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n  comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n  hex dump (first 8 bytes):\n    01 b4 4a 1d 80 88 ff ff                          ..J.....\n  backtrace:\n    [\u003c00000000db7cabfe\u003e] kmemdup+0x23/0x50 mm/util.c:128\n    [\u003c0000000019b38405\u003e] kmemdup include/linux/string.h:465 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n    [\u003c00000000b1f6d94a\u003e] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n    [\u003c0000000030d7b621\u003e] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n    [\u003c000000001f74c72e\u003e] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n    [\u003c00000000a6c24128\u003e] sk_backlog_rcv include/net/sock.h:1041 [inline]\n    [\u003c00000000a6c24128\u003e] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n    [\u003c00000000cf1f3a53\u003e] release_sock+0x54/0x1b0 net/core/sock.c:3111\n    [\u003c000000008422fa23\u003e] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n    [\u003c000000008422fa23\u003e] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n    [\u003c0000000015b6f64d\u003e] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n    [\u003c0000000010122488\u003e] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n    [\u003c00000000b4b70023\u003e] __sys_connect+0x165/0x1a0 net/socket.c:1882\n    [\u003c00000000f4cb3815\u003e] __do_sys_connect net/socket.c:1892 [inline]\n    [\u003c00000000f4cb3815\u003e] __se_sys_connect net/socket.c:1889 [inline]\n    [\u003c00000000f4cb3815\u003e] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n    [\u003c00000000e7b1e839\u003e] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n    [\u003c0000000055e91434\u003e] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:51.915Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252"
        },
        {
          "url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421"
        },
        {
          "url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14"
        }
      ],
      "title": "dccp: Fix memory leak in dccp_feat_change_recv",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56643",
    "datePublished": "2024-12-27T15:02:44.492Z",
    "dateReserved": "2024-12-27T15:00:39.840Z",
    "dateUpdated": "2025-11-03T20:51:45.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49950 (GCVE-0-2024-49950)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-03 22:23

Title

Bluetooth: L2CAP: Fix uaf in l2cap_connect

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54 CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: hci2 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline] l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline] l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline] l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825 l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514 hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline] hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 ... Freed by task 5245: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2256 [inline] slab_free mm/slub.c:4477 [inline] kfree+0x12a/0x3b0 mm/slub.c:4598 l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline] kref_put include/linux/kref.h:65 [inline] l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline] l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802 l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241 hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline] hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265 hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583 abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917 hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/686e05c9dbd68766c…
	https://git.kernel.org/stable/c/b22346eec479a30bf…
	https://git.kernel.org/stable/c/b90907696c30172b8…
	https://git.kernel.org/stable/c/78d30ce16fdf9c301…
	https://git.kernel.org/stable/c/a1c6174e23df10b8e…
	https://git.kernel.org/stable/c/333b4fd11e89b29c8…

Impacted products

Vendor

Product

Version

Linux

Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < 686e05c9dbd68766c6bda5f31f7e077f36a7fb29 (git)
Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < b22346eec479a30bfa4a02ad2c551b54809694d0 (git)
Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < b90907696c30172b809aa3dd2f0caffae761e4c6 (git)
Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < 78d30ce16fdf9c301bcd8b83ce613cea079cea83 (git)
Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < a1c6174e23df10b8e5770e82d63bc6e2118a3dc7 (git)
Affected: 7b064edae38d62d8587a8c574f93b53ce75ae749 , < 333b4fd11e89b29c84c269123f871883a30be586 (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.118 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:36:31.459862Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:49.238Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:30.897Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c",
            "net/bluetooth/hci_event.c",
            "net/bluetooth/l2cap_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "686e05c9dbd68766c6bda5f31f7e077f36a7fb29",
              "status": "affected",
              "version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
              "versionType": "git"
            },
            {
              "lessThan": "b22346eec479a30bfa4a02ad2c551b54809694d0",
              "status": "affected",
              "version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
              "versionType": "git"
            },
            {
              "lessThan": "b90907696c30172b809aa3dd2f0caffae761e4c6",
              "status": "affected",
              "version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
              "versionType": "git"
            },
            {
              "lessThan": "78d30ce16fdf9c301bcd8b83ce613cea079cea83",
              "status": "affected",
              "version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
              "versionType": "git"
            },
            {
              "lessThan": "a1c6174e23df10b8e5770e82d63bc6e2118a3dc7",
              "status": "affected",
              "version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
              "versionType": "git"
            },
            {
              "lessThan": "333b4fd11e89b29c84c269123f871883a30be586",
              "status": "affected",
              "version": "7b064edae38d62d8587a8c574f93b53ce75ae749",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c",
            "net/bluetooth/hci_event.c",
            "net/bluetooth/l2cap_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.118",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.118",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:42:09.368Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/686e05c9dbd68766c6bda5f31f7e077f36a7fb29"
        },
        {
          "url": "https://git.kernel.org/stable/c/b22346eec479a30bfa4a02ad2c551b54809694d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b90907696c30172b809aa3dd2f0caffae761e4c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/78d30ce16fdf9c301bcd8b83ce613cea079cea83"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1c6174e23df10b8e5770e82d63bc6e2118a3dc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/333b4fd11e89b29c84c269123f871883a30be586"
        }
      ],
      "title": "Bluetooth: L2CAP: Fix uaf in l2cap_connect",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49950",
    "datePublished": "2024-10-21T18:02:06.387Z",
    "dateReserved": "2024-10-21T12:17:06.046Z",
    "dateUpdated": "2025-11-03T22:23:30.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47122 (GCVE-0-2021-47122)

Vulnerability from cvelistv5 – Published: 2024-03-15 20:14 – Updated: 2025-05-04 07:04

Title

net: caif: fix memory leak in caif_device_notify

Summary

In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b042e2b2039565eb8…
	https://git.kernel.org/stable/c/9348c1f10932f13b2…
	https://git.kernel.org/stable/c/4bca2034b41c15b62…
	https://git.kernel.org/stable/c/3be863c11cab725ad…
	https://git.kernel.org/stable/c/f52f4fd67264c70cd…
	https://git.kernel.org/stable/c/af2806345a37313f0…
	https://git.kernel.org/stable/c/6a0e317f61094d377…
	https://git.kernel.org/stable/c/b53558a950a898249…

Impacted products

Vendor

Product

Version

Linux

Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < b042e2b2039565eb8f0eb51c14fbe1ef463c8cd8 (git)
Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < 9348c1f10932f13b299cbc8b1bd5f780751fae49 (git)
Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < 4bca2034b41c15b62d47a19158bb76235fd4455d (git)
Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < 3be863c11cab725add9fef4237ed4e232c3fc3bb (git)
Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < f52f4fd67264c70cd0b4ba326962ebe12d9cba94 (git)
Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < af2806345a37313f01b1c9f15e046745b8ee2daa (git)
Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < 6a0e317f61094d377335547e015dd2ff12caf893 (git)
Affected: 7c18d2205ea76eef9674e59e1ecae4f332a53e9e , < b53558a950a89824938e9811eddfc8efcd94e1bb (git)

Linux

Affected: 3.3
Unaffected: 0 , < 3.3 (semver)
Unaffected: 4.4.272 , ≤ 4.4.* (semver)
Unaffected: 4.9.272 , ≤ 4.9.* (semver)
Unaffected: 4.14.236 , ≤ 4.14.* (semver)
Unaffected: 4.19.194 , ≤ 4.19.* (semver)
Unaffected: 5.4.125 , ≤ 5.4.* (semver)
Unaffected: 5.10.43 , ≤ 5.10.* (semver)
Unaffected: 5.12.10 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:10:05.257169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:10:13.492Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b042e2b2039565eb8f0eb51c14fbe1ef463c8cd8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9348c1f10932f13b299cbc8b1bd5f780751fae49"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4bca2034b41c15b62d47a19158bb76235fd4455d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3be863c11cab725add9fef4237ed4e232c3fc3bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f52f4fd67264c70cd0b4ba326962ebe12d9cba94"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af2806345a37313f01b1c9f15e046745b8ee2daa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6a0e317f61094d377335547e015dd2ff12caf893"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b53558a950a89824938e9811eddfc8efcd94e1bb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/caif/caif_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b042e2b2039565eb8f0eb51c14fbe1ef463c8cd8",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            },
            {
              "lessThan": "9348c1f10932f13b299cbc8b1bd5f780751fae49",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            },
            {
              "lessThan": "4bca2034b41c15b62d47a19158bb76235fd4455d",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            },
            {
              "lessThan": "3be863c11cab725add9fef4237ed4e232c3fc3bb",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            },
            {
              "lessThan": "f52f4fd67264c70cd0b4ba326962ebe12d9cba94",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            },
            {
              "lessThan": "af2806345a37313f01b1c9f15e046745b8ee2daa",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            },
            {
              "lessThan": "6a0e317f61094d377335547e015dd2ff12caf893",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            },
            {
              "lessThan": "b53558a950a89824938e9811eddfc8efcd94e1bb",
              "status": "affected",
              "version": "7c18d2205ea76eef9674e59e1ecae4f332a53e9e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/caif/caif_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.272",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.272",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.236",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.194",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.272",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.272",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.236",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.194",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.125",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.43",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.10",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: caif: fix memory leak in caif_device_notify\n\nIn case of caif_enroll_dev() fail, allocated\nlink_support won\u0027t be assigned to the corresponding\nstructure. So simply free allocated pointer in case\nof error"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:04:34.716Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b042e2b2039565eb8f0eb51c14fbe1ef463c8cd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9348c1f10932f13b299cbc8b1bd5f780751fae49"
        },
        {
          "url": "https://git.kernel.org/stable/c/4bca2034b41c15b62d47a19158bb76235fd4455d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3be863c11cab725add9fef4237ed4e232c3fc3bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f52f4fd67264c70cd0b4ba326962ebe12d9cba94"
        },
        {
          "url": "https://git.kernel.org/stable/c/af2806345a37313f01b1c9f15e046745b8ee2daa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a0e317f61094d377335547e015dd2ff12caf893"
        },
        {
          "url": "https://git.kernel.org/stable/c/b53558a950a89824938e9811eddfc8efcd94e1bb"
        }
      ],
      "title": "net: caif: fix memory leak in caif_device_notify",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47122",
    "datePublished": "2024-03-15T20:14:28.089Z",
    "dateReserved": "2024-03-04T18:12:48.838Z",
    "dateUpdated": "2025-05-04T07:04:34.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-57913 (GCVE-0-2024-57913)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bind, which easily leads to the following scenarios. 1.adb_write in adbd 2. UDC write via configfs ================= ===================== ->usb_ffs_open_thread() ->UDC write ->open_functionfs() ->configfs_write_iter() ->adb_open() ->gadget_dev_desc_UDC_store() ->adb_write() ->usb_gadget_register_driver_owner ->driver_register() ->StartMonitor() ->bus_add_driver() ->adb_read() ->gadget_bind_driver() <times-out without BIND event> ->configfs_composite_bind() ->usb_add_function() ->open_functionfs() ->ffs_func_bind() ->adb_open() ->functionfs_bind() <ffs->state !=FFS_ACTIVE> The adb_open, adb_read, and adb_write operations are invoked from the daemon, but trying to bind the function is a process that is invoked by UDC write through configfs, which opens up the possibility of a race condition between the two paths. In this race scenario, the kernel panic occurs due to the WARN_ON from functionfs_bind when panic_on_warn is enabled. This commit fixes the kernel panic by removing the unnecessary WARN_ON. Kernel panic - not syncing: kernel: panic_on_warn set ... [ 14.542395] Call trace: [ 14.542464] ffs_func_bind+0x1c8/0x14a8 [ 14.542468] usb_add_function+0xcc/0x1f0 [ 14.542473] configfs_composite_bind+0x468/0x588 [ 14.542478] gadget_bind_driver+0x108/0x27c [ 14.542483] really_probe+0x190/0x374 [ 14.542488] __driver_probe_device+0xa0/0x12c [ 14.542492] driver_probe_device+0x3c/0x220 [ 14.542498] __driver_attach+0x11c/0x1fc [ 14.542502] bus_for_each_dev+0x104/0x160 [ 14.542506] driver_attach+0x24/0x34 [ 14.542510] bus_add_driver+0x154/0x270 [ 14.542514] driver_register+0x68/0x104 [ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4 [ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144 [ 14.542526] configfs_write_iter+0xf0/0x138

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bfe60030fcd976e35…
	https://git.kernel.org/stable/c/3e4d32cc145955d5c…
	https://git.kernel.org/stable/c/19fc1c83454ca9d56…
	https://git.kernel.org/stable/c/82f60f3600aecd9ff…
	https://git.kernel.org/stable/c/ea6a1498742430eb2…
	https://git.kernel.org/stable/c/a8b6a18b9b66cc4c0…
	https://git.kernel.org/stable/c/dfc51e48bca475bbe…

Impacted products

Vendor

Product

Version

Linux

Affected: ddf8abd2599491cbad959c700b90ba72a5dce8d0 , < bfe60030fcd976e3546e1f73d6d0eb3fea26442e (git)
Affected: ddf8abd2599491cbad959c700b90ba72a5dce8d0 , < 3e4d32cc145955d5c56c5498a3ff057e4aafa9d1 (git)
Affected: ddf8abd2599491cbad959c700b90ba72a5dce8d0 , < 19fc1c83454ca9d5699e39633ec79ce26355251c (git)
Affected: ddf8abd2599491cbad959c700b90ba72a5dce8d0 , < 82f60f3600aecd9ffcd0fbc4e193694511c85b47 (git)
Affected: ddf8abd2599491cbad959c700b90ba72a5dce8d0 , < ea6a1498742430eb2effce0d1439ff29ef37dd7d (git)
Affected: ddf8abd2599491cbad959c700b90ba72a5dce8d0 , < a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2 (git)
Affected: ddf8abd2599491cbad959c700b90ba72a5dce8d0 , < dfc51e48bca475bbee984e90f33fdc537ce09699 (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:53:20.371926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:15.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:48.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bfe60030fcd976e3546e1f73d6d0eb3fea26442e",
              "status": "affected",
              "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
              "versionType": "git"
            },
            {
              "lessThan": "3e4d32cc145955d5c56c5498a3ff057e4aafa9d1",
              "status": "affected",
              "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
              "versionType": "git"
            },
            {
              "lessThan": "19fc1c83454ca9d5699e39633ec79ce26355251c",
              "status": "affected",
              "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
              "versionType": "git"
            },
            {
              "lessThan": "82f60f3600aecd9ffcd0fbc4e193694511c85b47",
              "status": "affected",
              "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
              "versionType": "git"
            },
            {
              "lessThan": "ea6a1498742430eb2effce0d1439ff29ef37dd7d",
              "status": "affected",
              "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
              "versionType": "git"
            },
            {
              "lessThan": "a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2",
              "status": "affected",
              "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
              "versionType": "git"
            },
            {
              "lessThan": "dfc51e48bca475bbee984e90f33fdc537ce09699",
              "status": "affected",
              "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind\n\nThis commit addresses an issue related to below kernel panic where\npanic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON\nin functionsfs_bind, which easily leads to the following scenarios.\n\n1.adb_write in adbd               2. UDC write via configfs\n  =================\t             =====================\n\n-\u003eusb_ffs_open_thread()           -\u003eUDC write\n -\u003eopen_functionfs()               -\u003econfigfs_write_iter()\n  -\u003eadb_open()                      -\u003egadget_dev_desc_UDC_store()\n   -\u003eadb_write()                     -\u003eusb_gadget_register_driver_owner\n                                      -\u003edriver_register()\n-\u003eStartMonitor()                       -\u003ebus_add_driver()\n -\u003eadb_read()                           -\u003egadget_bind_driver()\n\u003ctimes-out without BIND event\u003e           -\u003econfigfs_composite_bind()\n                                          -\u003eusb_add_function()\n-\u003eopen_functionfs()                        -\u003effs_func_bind()\n -\u003eadb_open()                               -\u003efunctionfs_bind()\n                                       \u003cffs-\u003estate !=FFS_ACTIVE\u003e\n\nThe adb_open, adb_read, and adb_write operations are invoked from the\ndaemon, but trying to bind the function is a process that is invoked by\nUDC write through configfs, which opens up the possibility of a race\ncondition between the two paths. In this race scenario, the kernel panic\noccurs due to the WARN_ON from functionfs_bind when panic_on_warn is\nenabled. This commit fixes the kernel panic by removing the unnecessary\nWARN_ON.\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\n[   14.542395] Call trace:\n[   14.542464]  ffs_func_bind+0x1c8/0x14a8\n[   14.542468]  usb_add_function+0xcc/0x1f0\n[   14.542473]  configfs_composite_bind+0x468/0x588\n[   14.542478]  gadget_bind_driver+0x108/0x27c\n[   14.542483]  really_probe+0x190/0x374\n[   14.542488]  __driver_probe_device+0xa0/0x12c\n[   14.542492]  driver_probe_device+0x3c/0x220\n[   14.542498]  __driver_attach+0x11c/0x1fc\n[   14.542502]  bus_for_each_dev+0x104/0x160\n[   14.542506]  driver_attach+0x24/0x34\n[   14.542510]  bus_add_driver+0x154/0x270\n[   14.542514]  driver_register+0x68/0x104\n[   14.542518]  usb_gadget_register_driver_owner+0x48/0xf4\n[   14.542523]  gadget_dev_desc_UDC_store+0xf8/0x144\n[   14.542526]  configfs_write_iter+0xf0/0x138"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:31.910Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c"
        },
        {
          "url": "https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699"
        }
      ],
      "title": "usb: gadget: f_fs: Remove WARN_ON in functionfs_bind",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57913",
    "datePublished": "2025-01-19T11:52:35.149Z",
    "dateReserved": "2025-01-19T11:50:08.374Z",
    "dateUpdated": "2025-11-03T20:55:48.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49998 (GCVE-0-2024-49998)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2025-11-24 09:49

Title

net: dsa: improve shutdown sequence

Summary

In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown with the lan9303 driver. One is specific to lan9303 and the other just happens to reproduce there. The first problem is that lan9303 is unique among DSA drivers in that it calls dev_get_drvdata() at "arbitrary runtime" (not probe, not shutdown, not remove): phy_state_machine() -> ... -> dsa_user_phy_read() -> ds->ops->phy_read() -> lan9303_phy_read() -> chip->ops->phy_read() -> lan9303_mdio_phy_read() -> dev_get_drvdata() But we never stop the phy_state_machine(), so it may continue to run after dsa_switch_shutdown(). Our common pattern in all DSA drivers is to set drvdata to NULL to suppress the remove() method that may come afterwards. But in this case it will result in an NPD. The second problem is that the way in which we set dp->conduit->dsa_ptr = NULL; is concurrent with receive packet processing. dsa_switch_rcv() checks once whether dev->dsa_ptr is NULL, but afterwards, rather than continuing to use that non-NULL value, dev->dsa_ptr is dereferenced again and again without NULL checks: dsa_conduit_find_user() and many other places. In between dereferences, there is no locking to ensure that what was valid once continues to be valid. Both problems have the common aspect that closing the conduit interface solves them. In the first case, dev_close(conduit) triggers the NETDEV_GOING_DOWN event in dsa_user_netdevice_event() which closes user ports as well. dsa_port_disable_rt() calls phylink_stop(), which synchronously stops the phylink state machine, and ds->ops->phy_read() will thus no longer call into the driver after this point. In the second case, dev_close(conduit) should do this, as per Documentation/networking/driver.rst: | Quiescence | ---------- | | After the ndo_stop routine has been called, the hardware must | not receive or transmit any data. All in flight packets must | be aborted. If necessary, poll or wait for completion of | any reset commands. So it should be sufficient to ensure that later, when we zeroize conduit->dsa_ptr, there will be no concurrent dsa_switch_rcv() call on this conduit. The addition of the netif_device_detach() function is to ensure that ioctls, rtnetlinks and ethtool requests on the user ports no longer propagate down to the driver - we're no longer prepared to handle them. The race condition actually did not exist when commit 0650bf52b31f ("net: dsa: be compatible with masters which unregister on shutdown") first introduced dsa_switch_shutdown(). It was created later, when we stopped unregistering the user interfaces from a bad spot, and we just replaced that sequence with a racy zeroization of conduit->dsa_ptr (one which doesn't ensure that the interfaces aren't up).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/87bd909a7014e3279…
	https://git.kernel.org/stable/c/2e93bf719462ac6d2…
	https://git.kernel.org/stable/c/ab5d3420a11209507…
	https://git.kernel.org/stable/c/b4a65d479213fe84e…
	https://git.kernel.org/stable/c/6c24a03a61a245fe3…

Impacted products

Vendor

Product

Version

Linux

Affected: ff45899e732e57088985e3a497b1d9100571c0f5 , < 87bd909a7014e32790e8c759d5b7694a95778ca5 (git)
Affected: ee534378f00561207656663d93907583958339ae , < 2e93bf719462ac6d23c881c8b93e5dc9bf5ab7f5 (git)
Affected: ee534378f00561207656663d93907583958339ae , < ab5d3420a1120950703dbdc33698b28a6ebc3d23 (git)
Affected: ee534378f00561207656663d93907583958339ae , < b4a65d479213fe84ecb14e328271251eebe69492 (git)
Affected: ee534378f00561207656663d93907583958339ae , < 6c24a03a61a245fe34d47582898331fa034b6ccd (git)
Affected: 89b60402d43cdab4387dbbf24afebda5cf092ae7 (git)

Linux

Affected: 5.17
Unaffected: 0 , < 5.17 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.6.117 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:30:20.999100Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:41.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/dsa/dsa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "87bd909a7014e32790e8c759d5b7694a95778ca5",
              "status": "affected",
              "version": "ff45899e732e57088985e3a497b1d9100571c0f5",
              "versionType": "git"
            },
            {
              "lessThan": "2e93bf719462ac6d23c881c8b93e5dc9bf5ab7f5",
              "status": "affected",
              "version": "ee534378f00561207656663d93907583958339ae",
              "versionType": "git"
            },
            {
              "lessThan": "ab5d3420a1120950703dbdc33698b28a6ebc3d23",
              "status": "affected",
              "version": "ee534378f00561207656663d93907583958339ae",
              "versionType": "git"
            },
            {
              "lessThan": "b4a65d479213fe84ecb14e328271251eebe69492",
              "status": "affected",
              "version": "ee534378f00561207656663d93907583958339ae",
              "versionType": "git"
            },
            {
              "lessThan": "6c24a03a61a245fe34d47582898331fa034b6ccd",
              "status": "affected",
              "version": "ee534378f00561207656663d93907583958339ae",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "89b60402d43cdab4387dbbf24afebda5cf092ae7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/dsa/dsa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.15.155",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.117",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.16.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: improve shutdown sequence\n\nAlexander Sverdlin presents 2 problems during shutdown with the\nlan9303 driver. One is specific to lan9303 and the other just happens\nto reproduce there.\n\nThe first problem is that lan9303 is unique among DSA drivers in that it\ncalls dev_get_drvdata() at \"arbitrary runtime\" (not probe, not shutdown,\nnot remove):\n\nphy_state_machine()\n-\u003e ...\n   -\u003e dsa_user_phy_read()\n      -\u003e ds-\u003eops-\u003ephy_read()\n         -\u003e lan9303_phy_read()\n            -\u003e chip-\u003eops-\u003ephy_read()\n               -\u003e lan9303_mdio_phy_read()\n                  -\u003e dev_get_drvdata()\n\nBut we never stop the phy_state_machine(), so it may continue to run\nafter dsa_switch_shutdown(). Our common pattern in all DSA drivers is\nto set drvdata to NULL to suppress the remove() method that may come\nafterwards. But in this case it will result in an NPD.\n\nThe second problem is that the way in which we set\ndp-\u003econduit-\u003edsa_ptr = NULL; is concurrent with receive packet\nprocessing. dsa_switch_rcv() checks once whether dev-\u003edsa_ptr is NULL,\nbut afterwards, rather than continuing to use that non-NULL value,\ndev-\u003edsa_ptr is dereferenced again and again without NULL checks:\ndsa_conduit_find_user() and many other places. In between dereferences,\nthere is no locking to ensure that what was valid once continues to be\nvalid.\n\nBoth problems have the common aspect that closing the conduit interface\nsolves them.\n\nIn the first case, dev_close(conduit) triggers the NETDEV_GOING_DOWN\nevent in dsa_user_netdevice_event() which closes user ports as well.\ndsa_port_disable_rt() calls phylink_stop(), which synchronously stops\nthe phylink state machine, and ds-\u003eops-\u003ephy_read() will thus no longer\ncall into the driver after this point.\n\nIn the second case, dev_close(conduit) should do this, as per\nDocumentation/networking/driver.rst:\n\n| Quiescence\n| ----------\n|\n| After the ndo_stop routine has been called, the hardware must\n| not receive or transmit any data.  All in flight packets must\n| be aborted. If necessary, poll or wait for completion of\n| any reset commands.\n\nSo it should be sufficient to ensure that later, when we zeroize\nconduit-\u003edsa_ptr, there will be no concurrent dsa_switch_rcv() call\non this conduit.\n\nThe addition of the netif_device_detach() function is to ensure that\nioctls, rtnetlinks and ethtool requests on the user ports no longer\npropagate down to the driver - we\u0027re no longer prepared to handle them.\n\nThe race condition actually did not exist when commit 0650bf52b31f\n(\"net: dsa: be compatible with masters which unregister on shutdown\")\nfirst introduced dsa_switch_shutdown(). It was created later, when we\nstopped unregistering the user interfaces from a bad spot, and we just\nreplaced that sequence with a racy zeroization of conduit-\u003edsa_ptr\n(one which doesn\u0027t ensure that the interfaces aren\u0027t up)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T09:49:35.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/87bd909a7014e32790e8c759d5b7694a95778ca5"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e93bf719462ac6d23c881c8b93e5dc9bf5ab7f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab5d3420a1120950703dbdc33698b28a6ebc3d23"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4a65d479213fe84ecb14e328271251eebe69492"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c24a03a61a245fe34d47582898331fa034b6ccd"
        }
      ],
      "title": "net: dsa: improve shutdown sequence",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49998",
    "datePublished": "2024-10-21T18:02:38.316Z",
    "dateReserved": "2024-10-21T12:17:06.057Z",
    "dateUpdated": "2025-11-24T09:49:35.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53136 (GCVE-0-2024-53136)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:20 – Updated: 2025-11-03 22:29

Title

mm: revert "mm: shmem: fix data-race in shmem_getattr()"

Summary

In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem".

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/36b537e8f302f670c…
	https://git.kernel.org/stable/c/a3c65022d89d5baa2…
	https://git.kernel.org/stable/c/57cc8d253099d1b86…
	https://git.kernel.org/stable/c/d3f9d88c2c03b2646…
	https://git.kernel.org/stable/c/5874c1150e7729656…
	https://git.kernel.org/stable/c/64e67e8694252c1bf…
	https://git.kernel.org/stable/c/901dc2ad7c3789fa8…
	https://git.kernel.org/stable/c/d1aa0c04294e29883…

Impacted products

Vendor

Product

Version

Linux

Affected: 9fb9703cd43ee20a6de8ccdef991677b7274cec0 , < 36b537e8f302f670c7cf35d88a3a294443e32d52 (git)
Affected: 7cc30ada84323be19395094d567579536e0d187e , < a3c65022d89d5baa2cea8e87a6de983ea305f14c (git)
Affected: bda1a99a0dd644f31a87d636ac624eeb975cb65a , < 57cc8d253099d1b8627f0fb487ee011d9158ccc9 (git)
Affected: 3d9528484480e8f4979b3a347930ed383be99f89 , < d3f9d88c2c03b2646ace336236adca19f7697bd3 (git)
Affected: 82cae1e30bd940253593c2d4f16d88343d1358f4 , < 5874c1150e77296565ad6e495ef41fbf87570d14 (git)
Affected: edd1f905050686fdc4cfe233d818469fdf7d5ff8 , < 64e67e8694252c1bf01b802ee911be3fee62c36b (git)
Affected: ffd56612566bc23877c8f45def2801f3324a222a , < 901dc2ad7c3789fa87dc3956f6697c5d62d5cf7e (git)
Affected: d949d1d14fa281ace388b1de978e8f2cd52875cf , < d1aa0c04294e29883d65eac6c2f72fe95cc7c049 (git)

Linux

Affected: 4.19.323 , < 4.19.325 (semver)
Affected: 5.4.285 , < 5.4.287 (semver)
Affected: 5.10.229 , < 5.10.231 (semver)
Affected: 5.15.171 , < 5.15.174 (semver)
Affected: 6.1.116 , < 6.1.119 (semver)
Affected: 6.6.60 , < 6.6.63 (semver)
Affected: 6.11.7 , < 6.11.10 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:39.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/shmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "36b537e8f302f670c7cf35d88a3a294443e32d52",
              "status": "affected",
              "version": "9fb9703cd43ee20a6de8ccdef991677b7274cec0",
              "versionType": "git"
            },
            {
              "lessThan": "a3c65022d89d5baa2cea8e87a6de983ea305f14c",
              "status": "affected",
              "version": "7cc30ada84323be19395094d567579536e0d187e",
              "versionType": "git"
            },
            {
              "lessThan": "57cc8d253099d1b8627f0fb487ee011d9158ccc9",
              "status": "affected",
              "version": "bda1a99a0dd644f31a87d636ac624eeb975cb65a",
              "versionType": "git"
            },
            {
              "lessThan": "d3f9d88c2c03b2646ace336236adca19f7697bd3",
              "status": "affected",
              "version": "3d9528484480e8f4979b3a347930ed383be99f89",
              "versionType": "git"
            },
            {
              "lessThan": "5874c1150e77296565ad6e495ef41fbf87570d14",
              "status": "affected",
              "version": "82cae1e30bd940253593c2d4f16d88343d1358f4",
              "versionType": "git"
            },
            {
              "lessThan": "64e67e8694252c1bf01b802ee911be3fee62c36b",
              "status": "affected",
              "version": "edd1f905050686fdc4cfe233d818469fdf7d5ff8",
              "versionType": "git"
            },
            {
              "lessThan": "901dc2ad7c3789fa87dc3956f6697c5d62d5cf7e",
              "status": "affected",
              "version": "ffd56612566bc23877c8f45def2801f3324a222a",
              "versionType": "git"
            },
            {
              "lessThan": "d1aa0c04294e29883d65eac6c2f72fe95cc7c049",
              "status": "affected",
              "version": "d949d1d14fa281ace388b1de978e8f2cd52875cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/shmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.19.325",
              "status": "affected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.287",
              "status": "affected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.231",
              "status": "affected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.174",
              "status": "affected",
              "version": "5.15.171",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.119",
              "status": "affected",
              "version": "6.1.116",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.63",
              "status": "affected",
              "version": "6.6.60",
              "versionType": "semver"
            },
            {
              "lessThan": "6.11.10",
              "status": "affected",
              "version": "6.11.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.19.323",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.4.285",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10.229",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15.171",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "6.1.116",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "6.6.60",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "6.11.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: revert \"mm: shmem: fix data-race in shmem_getattr()\"\n\nRevert d949d1d14fa2 (\"mm: shmem: fix data-race in shmem_getattr()\") as\nsuggested by Chuck [1].  It is causing deadlocks when accessing tmpfs over\nNFS.\n\nAs Hugh commented, \"added just to silence a syzbot sanitizer splat: added\nwhere there has never been any practical problem\"."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:56.403Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/36b537e8f302f670c7cf35d88a3a294443e32d52"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3c65022d89d5baa2cea8e87a6de983ea305f14c"
        },
        {
          "url": "https://git.kernel.org/stable/c/57cc8d253099d1b8627f0fb487ee011d9158ccc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3f9d88c2c03b2646ace336236adca19f7697bd3"
        },
        {
          "url": "https://git.kernel.org/stable/c/5874c1150e77296565ad6e495ef41fbf87570d14"
        },
        {
          "url": "https://git.kernel.org/stable/c/64e67e8694252c1bf01b802ee911be3fee62c36b"
        },
        {
          "url": "https://git.kernel.org/stable/c/901dc2ad7c3789fa87dc3956f6697c5d62d5cf7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1aa0c04294e29883d65eac6c2f72fe95cc7c049"
        }
      ],
      "title": "mm: revert \"mm: shmem: fix data-race in shmem_getattr()\"",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53136",
    "datePublished": "2024-12-04T14:20:41.634Z",
    "dateReserved": "2024-11-19T17:17:24.996Z",
    "dateUpdated": "2025-11-03T22:29:39.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56642 (GCVE-0-2024-56642)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

Summary

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(), cleanup of the UDP kernel socket is deferred by work calling cleanup_bearer(). tipc_exit_net() waits for such works to finish by checking tipc_net(net)->wq_count. However, the work decrements the count too early before releasing the kernel socket, unblocking cleanup_net() and resulting in use-after-free. Let's move the decrement after releasing the socket in cleanup_bearer(). [0]: ref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at sk_alloc+0x438/0x608 inet_create+0x4c8/0xcb0 __sock_create+0x350/0x6b8 sock_create_kern+0x58/0x78 udp_sock_create4+0x68/0x398 udp_sock_create+0x88/0xc8 tipc_udp_enable+0x5e8/0x848 __tipc_nl_bearer_enable+0x84c/0xed8 tipc_nl_bearer_enable+0x38/0x60 genl_family_rcv_msg_doit+0x170/0x248 genl_rcv_msg+0x400/0x5b0 netlink_rcv_skb+0x1dc/0x398 genl_rcv+0x44/0x68 netlink_unicast+0x678/0x8b0 netlink_sendmsg+0x5e4/0x898 ____sys_sendmsg+0x500/0x830 [1]: BUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline] BUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979 udp_hashslot include/net/udp.h:85 [inline] udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979 sk_common_release+0xaf/0x3f0 net/core/sock.c:3820 inet_release+0x1e0/0x260 net/ipv4/af_inet.c:437 inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489 __sock_release net/socket.c:658 [inline] sock_release+0xa0/0x210 net/socket.c:686 cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310 worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391 kthread+0x531/0x6b0 kernel/kthread.c:389 ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 Uninit was created at: slab_free_hook mm/slub.c:2269 [inline] slab_free mm/slub.c:4580 [inline] kmem_cache_free+0x207/0xc40 mm/slub.c:4682 net_free net/core/net_namespace.c:454 [inline] cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310 worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391 kthread+0x531/0x6b0 kernel/kthread.c:389 ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 Workqueue: events cleanup_bearer

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4e69457f9dfae6743…
	https://git.kernel.org/stable/c/650ee9a22d7a2de89…
	https://git.kernel.org/stable/c/d2a4894f238551eae…
	https://git.kernel.org/stable/c/d62d5180c036eeac0…
	https://git.kernel.org/stable/c/d00d4470bf8c42826…
	https://git.kernel.org/stable/c/e48b211c4c59062cb…
	https://git.kernel.org/stable/c/6a2fa13312e51a621…

Impacted products

Vendor

Product

Version

Linux

Affected: d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa , < 4e69457f9dfae67435f3ccf29008768eae860415 (git)
Affected: 5195ec5e365a2a9331bfeb585b613a6e94f98dba , < 650ee9a22d7a2de8999fac2d45983597a0c22359 (git)
Affected: 04c26faa51d1e2fe71cf13c45791f5174c37f986 , < d2a4894f238551eae178904e7f45af87577074fd (git)
Affected: 04c26faa51d1e2fe71cf13c45791f5174c37f986 , < d62d5180c036eeac09f80660edc7a602b369125f (git)
Affected: 04c26faa51d1e2fe71cf13c45791f5174c37f986 , < d00d4470bf8c4282617a3a10e76b20a9c7e4cffa (git)
Affected: 04c26faa51d1e2fe71cf13c45791f5174c37f986 , < e48b211c4c59062cb6dd6c2c37c51a7cc235a464 (git)
Affected: 04c26faa51d1e2fe71cf13c45791f5174c37f986 , < 6a2fa13312e51a621f652d522d7e2df7066330b6 (git)
Affected: b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56642",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:41:46.826025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:21.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:42.786Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/udp_media.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4e69457f9dfae67435f3ccf29008768eae860415",
              "status": "affected",
              "version": "d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa",
              "versionType": "git"
            },
            {
              "lessThan": "650ee9a22d7a2de8999fac2d45983597a0c22359",
              "status": "affected",
              "version": "5195ec5e365a2a9331bfeb585b613a6e94f98dba",
              "versionType": "git"
            },
            {
              "lessThan": "d2a4894f238551eae178904e7f45af87577074fd",
              "status": "affected",
              "version": "04c26faa51d1e2fe71cf13c45791f5174c37f986",
              "versionType": "git"
            },
            {
              "lessThan": "d62d5180c036eeac09f80660edc7a602b369125f",
              "status": "affected",
              "version": "04c26faa51d1e2fe71cf13c45791f5174c37f986",
              "versionType": "git"
            },
            {
              "lessThan": "d00d4470bf8c4282617a3a10e76b20a9c7e4cffa",
              "status": "affected",
              "version": "04c26faa51d1e2fe71cf13c45791f5174c37f986",
              "versionType": "git"
            },
            {
              "lessThan": "e48b211c4c59062cb6dd6c2c37c51a7cc235a464",
              "status": "affected",
              "version": "04c26faa51d1e2fe71cf13c45791f5174c37f986",
              "versionType": "git"
            },
            {
              "lessThan": "6a2fa13312e51a621f652d522d7e2df7066330b6",
              "status": "affected",
              "version": "04c26faa51d1e2fe71cf13c45791f5174c37f986",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/udp_media.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.4.124",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free of kernel socket in cleanup_bearer().\n\nsyzkaller reported a use-after-free of UDP kernel socket\nin cleanup_bearer() without repro. [0][1]\n\nWhen bearer_disable() calls tipc_udp_disable(), cleanup\nof the UDP kernel socket is deferred by work calling\ncleanup_bearer().\n\ntipc_exit_net() waits for such works to finish by checking\ntipc_net(net)-\u003ewq_count.  However, the work decrements the\ncount too early before releasing the kernel socket,\nunblocking cleanup_net() and resulting in use-after-free.\n\nLet\u0027s move the decrement after releasing the socket in\ncleanup_bearer().\n\n[0]:\nref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at\n     sk_alloc+0x438/0x608\n     inet_create+0x4c8/0xcb0\n     __sock_create+0x350/0x6b8\n     sock_create_kern+0x58/0x78\n     udp_sock_create4+0x68/0x398\n     udp_sock_create+0x88/0xc8\n     tipc_udp_enable+0x5e8/0x848\n     __tipc_nl_bearer_enable+0x84c/0xed8\n     tipc_nl_bearer_enable+0x38/0x60\n     genl_family_rcv_msg_doit+0x170/0x248\n     genl_rcv_msg+0x400/0x5b0\n     netlink_rcv_skb+0x1dc/0x398\n     genl_rcv+0x44/0x68\n     netlink_unicast+0x678/0x8b0\n     netlink_sendmsg+0x5e4/0x898\n     ____sys_sendmsg+0x500/0x830\n\n[1]:\nBUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline]\nBUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n udp_hashslot include/net/udp.h:85 [inline]\n udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n sk_common_release+0xaf/0x3f0 net/core/sock.c:3820\n inet_release+0x1e0/0x260 net/ipv4/af_inet.c:437\n inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489\n __sock_release net/socket.c:658 [inline]\n sock_release+0xa0/0x210 net/socket.c:686\n cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\n slab_free_hook mm/slub.c:2269 [inline]\n slab_free mm/slub.c:4580 [inline]\n kmem_cache_free+0x207/0xc40 mm/slub.c:4682\n net_free net/core/net_namespace.c:454 [inline]\n cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: events cleanup_bearer"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:56.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4e69457f9dfae67435f3ccf29008768eae860415"
        },
        {
          "url": "https://git.kernel.org/stable/c/650ee9a22d7a2de8999fac2d45983597a0c22359"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2a4894f238551eae178904e7f45af87577074fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/d62d5180c036eeac09f80660edc7a602b369125f"
        },
        {
          "url": "https://git.kernel.org/stable/c/d00d4470bf8c4282617a3a10e76b20a9c7e4cffa"
        },
        {
          "url": "https://git.kernel.org/stable/c/e48b211c4c59062cb6dd6c2c37c51a7cc235a464"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a2fa13312e51a621f652d522d7e2df7066330b6"
        }
      ],
      "title": "tipc: Fix use-after-free of kernel socket in cleanup_bearer().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56642",
    "datePublished": "2024-12-27T15:02:43.660Z",
    "dateReserved": "2024-12-27T15:00:39.839Z",
    "dateUpdated": "2025-11-03T20:51:42.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56759 (GCVE-0-2024-56759)

Vulnerability from cvelistv5 – Published: 2025-01-06 16:20 – Updated: 2026-01-05 10:56

Title

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled (CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding the last reference on the extent buffer @buf so btrfs_force_cow_block() drops the last reference on the @buf extent buffer when it calls free_extent_buffer_stale(buf), which schedules the release of the extent buffer with RCU. This means that if we are on a kernel with preemption, the current task may be preempted before calling trace_btrfs_cow_block() and the extent buffer already released by the time trace_btrfs_cow_block() is called, resulting in a use-after-free. Fix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to btrfs_force_cow_block() before the COWed extent buffer is freed. This also has a side effect of invoking the tracepoint in the tree defrag code, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is called there, but this is fine and it was actually missing there.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ba5120a2fb5f23b4d…
	https://git.kernel.org/stable/c/526ff5b27f090fb15…
	https://git.kernel.org/stable/c/66376f1a73cba57fd…
	https://git.kernel.org/stable/c/9a466b8693b9add05…
	https://git.kernel.org/stable/c/c3a403d8ce36f5a80…
	https://git.kernel.org/stable/c/44f52bbe96dfdbe4a…

Impacted products

Vendor

Product

Version

Linux

Affected: 3083ee2e18b701122a3b841db83448543a87a583 , < ba5120a2fb5f23b4d39d302e181aa5d4e28a90d1 (git)
Affected: 3083ee2e18b701122a3b841db83448543a87a583 , < 526ff5b27f090fb15040471f892cd2c9899ce314 (git)
Affected: 3083ee2e18b701122a3b841db83448543a87a583 , < 66376f1a73cba57fd0af2631d7888605b738e499 (git)
Affected: 3083ee2e18b701122a3b841db83448543a87a583 , < 9a466b8693b9add05de99af00c7bdff8259ecf19 (git)
Affected: 3083ee2e18b701122a3b841db83448543a87a583 , < c3a403d8ce36f5a809a492581de5ad17843e4701 (git)
Affected: 3083ee2e18b701122a3b841db83448543a87a583 , < 44f52bbe96dfdbe4aca3818a2534520082a07040 (git)

Linux

Affected: 3.4
Unaffected: 0 , < 3.4 (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.8 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:41:24.236942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:20.928Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:52.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ctree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ba5120a2fb5f23b4d39d302e181aa5d4e28a90d1",
              "status": "affected",
              "version": "3083ee2e18b701122a3b841db83448543a87a583",
              "versionType": "git"
            },
            {
              "lessThan": "526ff5b27f090fb15040471f892cd2c9899ce314",
              "status": "affected",
              "version": "3083ee2e18b701122a3b841db83448543a87a583",
              "versionType": "git"
            },
            {
              "lessThan": "66376f1a73cba57fd0af2631d7888605b738e499",
              "status": "affected",
              "version": "3083ee2e18b701122a3b841db83448543a87a583",
              "versionType": "git"
            },
            {
              "lessThan": "9a466b8693b9add05de99af00c7bdff8259ecf19",
              "status": "affected",
              "version": "3083ee2e18b701122a3b841db83448543a87a583",
              "versionType": "git"
            },
            {
              "lessThan": "c3a403d8ce36f5a809a492581de5ad17843e4701",
              "status": "affected",
              "version": "3083ee2e18b701122a3b841db83448543a87a583",
              "versionType": "git"
            },
            {
              "lessThan": "44f52bbe96dfdbe4aca3818a2534520082a07040",
              "status": "affected",
              "version": "3083ee2e18b701122a3b841db83448543a87a583",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ctree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "lessThan": "3.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.8",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when COWing tree bock and tracing is enabled\n\nWhen a COWing a tree block, at btrfs_cow_block(), and we have the\ntracepoint trace_btrfs_cow_block() enabled and preemption is also enabled\n(CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent\nbuffer while inside the tracepoint code. This is because in some paths\nthat call btrfs_cow_block(), such as btrfs_search_slot(), we are holding\nthe last reference on the extent buffer @buf so btrfs_force_cow_block()\ndrops the last reference on the @buf extent buffer when it calls\nfree_extent_buffer_stale(buf), which schedules the release of the extent\nbuffer with RCU. This means that if we are on a kernel with preemption,\nthe current task may be preempted before calling trace_btrfs_cow_block()\nand the extent buffer already released by the time trace_btrfs_cow_block()\nis called, resulting in a use-after-free.\n\nFix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to\nbtrfs_force_cow_block() before the COWed extent buffer is freed.\nThis also has a side effect of invoking the tracepoint in the tree defrag\ncode, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is\ncalled there, but this is fine and it was actually missing there."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:17.233Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ba5120a2fb5f23b4d39d302e181aa5d4e28a90d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/526ff5b27f090fb15040471f892cd2c9899ce314"
        },
        {
          "url": "https://git.kernel.org/stable/c/66376f1a73cba57fd0af2631d7888605b738e499"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a466b8693b9add05de99af00c7bdff8259ecf19"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3a403d8ce36f5a809a492581de5ad17843e4701"
        },
        {
          "url": "https://git.kernel.org/stable/c/44f52bbe96dfdbe4aca3818a2534520082a07040"
        }
      ],
      "title": "btrfs: fix use-after-free when COWing tree bock and tracing is enabled",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56759",
    "datePublished": "2025-01-06T16:20:39.668Z",
    "dateReserved": "2024-12-29T11:26:39.761Z",
    "dateUpdated": "2026-01-05T10:56:17.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57910 (GCVE-0-2024-57910)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

iio: light: vcnl4035: fix information leak in triggered buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/13e56229fc81051a4…
	https://git.kernel.org/stable/c/b0e9c11c762e42867…
	https://git.kernel.org/stable/c/cb488706cdec0d6d1…
	https://git.kernel.org/stable/c/47d245be86492974d…
	https://git.kernel.org/stable/c/a15ea87d4337479c9…
	https://git.kernel.org/stable/c/f6fb1c59776b42636…
	https://git.kernel.org/stable/c/47b43e53c0a0edf55…

Impacted products

Vendor

Product

Version

Linux

Affected: da8ef748fec2d55db0ae424ab40eee0c737564aa , < 13e56229fc81051a42731046e200493c4a7c28ff (git)
Affected: 49739675048d372946c1ef136c466d5675eba9f0 , < b0e9c11c762e4286732d80e66c08c2cb3157b06b (git)
Affected: ec90b52c07c0403a6db60d752484ec08d605ead0 , < cb488706cdec0d6d13f2895bcdf0c32b283a7cc7 (git)
Affected: ec90b52c07c0403a6db60d752484ec08d605ead0 , < 47d245be86492974db3aeb048609542167f56518 (git)
Affected: ec90b52c07c0403a6db60d752484ec08d605ead0 , < a15ea87d4337479c9446b5d71616f4668337afed (git)
Affected: ec90b52c07c0403a6db60d752484ec08d605ead0 , < f6fb1c59776b4263634c472a5be8204c906ffc2c (git)
Affected: ec90b52c07c0403a6db60d752484ec08d605ead0 , < 47b43e53c0a0edf5578d5d12f5fc71c019649279 (git)
Affected: d69f0d132563a63688efb0afb4dfeaa74a217306 (git)
Affected: 4637815d7922c4bce3bacb13dd1fb5e9a7d167d8 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:53:29.860211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:16.077Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:39.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/light/vcnl4035.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "13e56229fc81051a42731046e200493c4a7c28ff",
              "status": "affected",
              "version": "da8ef748fec2d55db0ae424ab40eee0c737564aa",
              "versionType": "git"
            },
            {
              "lessThan": "b0e9c11c762e4286732d80e66c08c2cb3157b06b",
              "status": "affected",
              "version": "49739675048d372946c1ef136c466d5675eba9f0",
              "versionType": "git"
            },
            {
              "lessThan": "cb488706cdec0d6d13f2895bcdf0c32b283a7cc7",
              "status": "affected",
              "version": "ec90b52c07c0403a6db60d752484ec08d605ead0",
              "versionType": "git"
            },
            {
              "lessThan": "47d245be86492974db3aeb048609542167f56518",
              "status": "affected",
              "version": "ec90b52c07c0403a6db60d752484ec08d605ead0",
              "versionType": "git"
            },
            {
              "lessThan": "a15ea87d4337479c9446b5d71616f4668337afed",
              "status": "affected",
              "version": "ec90b52c07c0403a6db60d752484ec08d605ead0",
              "versionType": "git"
            },
            {
              "lessThan": "f6fb1c59776b4263634c472a5be8204c906ffc2c",
              "status": "affected",
              "version": "ec90b52c07c0403a6db60d752484ec08d605ead0",
              "versionType": "git"
            },
            {
              "lessThan": "47b43e53c0a0edf5578d5d12f5fc71c019649279",
              "status": "affected",
              "version": "ec90b52c07c0403a6db60d752484ec08d605ead0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d69f0d132563a63688efb0afb4dfeaa74a217306",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "4637815d7922c4bce3bacb13dd1fb5e9a7d167d8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/light/vcnl4035.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "5.4.132",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.10.50",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.13.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: vcnl4035: fix information leak in triggered buffer\n\nThe \u0027buffer\u0027 local array is used to push data to userspace from a\ntriggered buffer, but it does not set an initial value for the single\ndata element, which is an u16 aligned to 8 bytes. That leaves at least\n4 bytes uninitialized even after writing an integer value with\nregmap_read().\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:40.485Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/13e56229fc81051a42731046e200493c4a7c28ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0e9c11c762e4286732d80e66c08c2cb3157b06b"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb488706cdec0d6d13f2895bcdf0c32b283a7cc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518"
        },
        {
          "url": "https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279"
        }
      ],
      "title": "iio: light: vcnl4035: fix information leak in triggered buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57910",
    "datePublished": "2025-01-19T11:52:33.140Z",
    "dateReserved": "2025-01-19T11:50:08.373Z",
    "dateUpdated": "2025-11-03T20:55:39.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56539 (GCVE-0-2024-56539)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:11 – Updated: 2025-11-03 20:49

Title

wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex] The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like: ssid_len = user_scan_in->ssid_list[i].ssid_len; [...] memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len); There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a09760c513ae0f98c…
	https://git.kernel.org/stable/c/1de0ca1d7320a645b…
	https://git.kernel.org/stable/c/5fa329c44e1e635da…
	https://git.kernel.org/stable/c/581261b2d6fdb4237…
	https://git.kernel.org/stable/c/b466746cfb6be43f9…
	https://git.kernel.org/stable/c/c4698ef8c42e02782…
	https://git.kernel.org/stable/c/e2de22e4b6213371d…
	https://git.kernel.org/stable/c/d7774910c5583e61c…
	https://git.kernel.org/stable/c/d241a139c2e9f8a47…

Impacted products

Vendor

Product

Version

Linux

Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < a09760c513ae0f98c7082a1deace7fb6284ee866 (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < 1de0ca1d7320a645ba2ee5954f64be08935b002a (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < 5fa329c44e1e635da2541eab28b6cdb8464fc8d1 (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < 581261b2d6fdb4237b24fa13f5a5f87bf2861f2c (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < b466746cfb6be43f9a1457bbee52ade397fb23ea (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < c4698ef8c42e02782604bf4f8a489dbf6b0c1365 (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < e2de22e4b6213371d9e76f74a10ce817572a8d74 (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < d7774910c5583e61c5fe2571280366624ef48036 (git)
Affected: 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e , < d241a139c2e9f8a479f25c75ebd5391e6a448500 (git)

Linux

Affected: 3.0
Unaffected: 0 , < 3.0 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:19.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/marvell/mwifiex/fw.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a09760c513ae0f98c7082a1deace7fb6284ee866",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "1de0ca1d7320a645ba2ee5954f64be08935b002a",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "5fa329c44e1e635da2541eab28b6cdb8464fc8d1",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "581261b2d6fdb4237b24fa13f5a5f87bf2861f2c",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "b466746cfb6be43f9a1457bbee52ade397fb23ea",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "c4698ef8c42e02782604bf4f8a489dbf6b0c1365",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "e2de22e4b6213371d9e76f74a10ce817572a8d74",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "d7774910c5583e61c5fe2571280366624ef48036",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            },
            {
              "lessThan": "d241a139c2e9f8a479f25c75ebd5391e6a448500",
              "status": "affected",
              "version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/marvell/mwifiex/fw.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "lessThan": "3.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[  356.775250] ------------[ cut here ]------------\n[  356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[  356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n    ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n    [...]\n    memcpy(wildcard_ssid_tlv-\u003essid,\n           user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:43.419Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a09760c513ae0f98c7082a1deace7fb6284ee866"
        },
        {
          "url": "https://git.kernel.org/stable/c/1de0ca1d7320a645ba2ee5954f64be08935b002a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5fa329c44e1e635da2541eab28b6cdb8464fc8d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/581261b2d6fdb4237b24fa13f5a5f87bf2861f2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b466746cfb6be43f9a1457bbee52ade397fb23ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4698ef8c42e02782604bf4f8a489dbf6b0c1365"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2de22e4b6213371d9e76f74a10ce817572a8d74"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7774910c5583e61c5fe2571280366624ef48036"
        },
        {
          "url": "https://git.kernel.org/stable/c/d241a139c2e9f8a479f25c75ebd5391e6a448500"
        }
      ],
      "title": "wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56539",
    "datePublished": "2024-12-27T14:11:21.487Z",
    "dateReserved": "2024-12-27T14:03:05.987Z",
    "dateUpdated": "2025-11-03T20:49:19.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57948 (GCVE-0-2024-57948)

Vulnerability from cvelistv5 – Published: 2025-01-31 11:25 – Updated: 2026-01-05 10:56

Title

mac802154: check local interfaces before deleting sdata list

Summary

In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system. CPU0 CPU1 ==== ==== genl_family_rcv_msg_doit ieee802154_unregister_hw ieee802154_del_iface ieee802154_remove_interfaces rdev_del_virtual_intf_deprecated list_del(&sdata->list) ieee802154_if_remove list_del_rcu The net device has been unregistered, since the rcu grace period, unregistration must be run before ieee802154_if_remove. To avoid this issue, add a check for local->interfaces before deleting sdata list. [1] kernel BUG at lib/list_debug.c:58! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56 Code: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 <0f> 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7 RSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246 RAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d R10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000 R13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0 FS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __list_del_entry_valid include/linux/list.h:124 [inline] __list_del_entry include/linux/list.h:215 [inline] list_del_rcu include/linux/rculist.h:157 [inline] ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687 rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline] ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323 genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:744 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607 ___sys_sendmsg net/socket.c:2661 [inline] __sys_sendmsg+0x292/0x380 net/socket.c:2690 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0d11dc30edfc4acef…
	https://git.kernel.org/stable/c/98ea165a2ac240345…
	https://git.kernel.org/stable/c/80aee0bc0dbe253b6…
	https://git.kernel.org/stable/c/41e4ca8acba39f1ce…
	https://git.kernel.org/stable/c/2e41e98c4e79edae3…
	https://git.kernel.org/stable/c/b856d2c1384bc5a74…
	https://git.kernel.org/stable/c/eb09fbeb48709fe66…

Impacted products

Vendor

Product

Version

Linux

Affected: 62610ad21870a8cf842d4a48f07c3a964e1d2622 , < 0d11dc30edfc4acef0acef130bb5ca596317190a (git)
Affected: 62610ad21870a8cf842d4a48f07c3a964e1d2622 , < 98ea165a2ac240345c48b57c0a3d08bbcad02929 (git)
Affected: 62610ad21870a8cf842d4a48f07c3a964e1d2622 , < 80aee0bc0dbe253b6692d33e64455dc742fc52f1 (git)
Affected: 62610ad21870a8cf842d4a48f07c3a964e1d2622 , < 41e4ca8acba39f1cecff2dfdf14ace4ee52c4272 (git)
Affected: 62610ad21870a8cf842d4a48f07c3a964e1d2622 , < 2e41e98c4e79edae338f2662dbdf74ac2245d183 (git)
Affected: 62610ad21870a8cf842d4a48f07c3a964e1d2622 , < b856d2c1384bc5a7456262afd21aa439ee5cdf6e (git)
Affected: 62610ad21870a8cf842d4a48f07c3a964e1d2622 , < eb09fbeb48709fe66c0d708aed81e910a577a30a (git)

Linux

Affected: 3.5
Unaffected: 0 , < 3.5 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.12.11 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:56:15.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mac802154/iface.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0d11dc30edfc4acef0acef130bb5ca596317190a",
              "status": "affected",
              "version": "62610ad21870a8cf842d4a48f07c3a964e1d2622",
              "versionType": "git"
            },
            {
              "lessThan": "98ea165a2ac240345c48b57c0a3d08bbcad02929",
              "status": "affected",
              "version": "62610ad21870a8cf842d4a48f07c3a964e1d2622",
              "versionType": "git"
            },
            {
              "lessThan": "80aee0bc0dbe253b6692d33e64455dc742fc52f1",
              "status": "affected",
              "version": "62610ad21870a8cf842d4a48f07c3a964e1d2622",
              "versionType": "git"
            },
            {
              "lessThan": "41e4ca8acba39f1cecff2dfdf14ace4ee52c4272",
              "status": "affected",
              "version": "62610ad21870a8cf842d4a48f07c3a964e1d2622",
              "versionType": "git"
            },
            {
              "lessThan": "2e41e98c4e79edae338f2662dbdf74ac2245d183",
              "status": "affected",
              "version": "62610ad21870a8cf842d4a48f07c3a964e1d2622",
              "versionType": "git"
            },
            {
              "lessThan": "b856d2c1384bc5a7456262afd21aa439ee5cdf6e",
              "status": "affected",
              "version": "62610ad21870a8cf842d4a48f07c3a964e1d2622",
              "versionType": "git"
            },
            {
              "lessThan": "eb09fbeb48709fe66c0d708aed81e910a577a30a",
              "status": "affected",
              "version": "62610ad21870a8cf842d4a48f07c3a964e1d2622",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mac802154/iface.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.5"
            },
            {
              "lessThan": "3.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.11",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS:  0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:42.731Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a"
        },
        {
          "url": "https://git.kernel.org/stable/c/98ea165a2ac240345c48b57c0a3d08bbcad02929"
        },
        {
          "url": "https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/41e4ca8acba39f1cecff2dfdf14ace4ee52c4272"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e41e98c4e79edae338f2662dbdf74ac2245d183"
        },
        {
          "url": "https://git.kernel.org/stable/c/b856d2c1384bc5a7456262afd21aa439ee5cdf6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb09fbeb48709fe66c0d708aed81e910a577a30a"
        }
      ],
      "title": "mac802154: check local interfaces before deleting sdata list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57948",
    "datePublished": "2025-01-31T11:25:29.762Z",
    "dateReserved": "2025-01-19T11:50:08.380Z",
    "dateUpdated": "2026-01-05T10:56:42.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53227 (GCVE-0-2024-53227)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2025-11-03 20:47

Title

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: <TASK> dump_stack_lvl+0x95/0xe0 print_report+0xcb/0x620 kasan_report+0xbd/0xf0 __lock_acquire+0x2aca/0x3a20 lock_acquire+0x19b/0x520 _raw_spin_lock+0x2b/0x40 attribute_container_unregister+0x30/0x160 fc_release_transport+0x19/0x90 [scsi_transport_fc] bfad_im_module_exit+0x23/0x60 [bfa] bfad_init+0xdb/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> Allocated by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc] bfad_im_module_init+0x17/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x38/0x50 kfree+0x212/0x480 bfad_im_module_init+0x7e/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Above issue happens as follows: bfad_init error = bfad_im_module_init() fc_release_transport(bfad_im_scsi_transport_template); if (error) goto ext; ext: bfad_im_module_exit(); fc_release_transport(bfad_im_scsi_transport_template); --> Trigger double release Don't call bfad_im_module_exit() if bfad_im_module_init() failed.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0ceac8012d3ddea33…
	https://git.kernel.org/stable/c/3932c753f805a02e9…
	https://git.kernel.org/stable/c/ef2c2580189ea88a0…
	https://git.kernel.org/stable/c/e76181a5be90abcc3…
	https://git.kernel.org/stable/c/8f5a97443b547b4c8…
	https://git.kernel.org/stable/c/c28409f851abd93b3…
	https://git.kernel.org/stable/c/1ffdde30a90bf8efe…
	https://git.kernel.org/stable/c/a2b5035ab0e368e8d…
	https://git.kernel.org/stable/c/178b8f38932d635e9…

Impacted products

Vendor

Product

Version

Linux

Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 0ceac8012d3ddea3317f0d82934293d05feb8af1 (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 3932c753f805a02e9364a4c58b590f21901f8490 (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < ef2c2580189ea88a0dcaf56eb3a565763a900edb (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < e76181a5be90abcc3ed8a300bd13878aa214d022 (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 8f5a97443b547b4c83f876f1d6a11df0f1fd4efb (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < c28409f851abd93b37969cac7498828ad533afd9 (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 1ffdde30a90bf8efe8f270407f486706962b3292 (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < a2b5035ab0e368e8d8a371e27fbc72f133c0bd40 (git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 178b8f38932d635e90f5f0e9af1986c6f4a89271 (git)

Linux

Affected: 2.6.32
Unaffected: 0 , < 2.6.32 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53227",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:43:06.746226Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:25.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:54.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/bfa/bfad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0ceac8012d3ddea3317f0d82934293d05feb8af1",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "3932c753f805a02e9364a4c58b590f21901f8490",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "ef2c2580189ea88a0dcaf56eb3a565763a900edb",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "e76181a5be90abcc3ed8a300bd13878aa214d022",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "8f5a97443b547b4c83f876f1d6a11df0f1fd4efb",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "c28409f851abd93b37969cac7498828ad533afd9",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "1ffdde30a90bf8efe8f270407f486706962b3292",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "a2b5035ab0e368e8d8a371e27fbc72f133c0bd40",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            },
            {
              "lessThan": "178b8f38932d635e90f5f0e9af1986c6f4a89271",
              "status": "affected",
              "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/bfa/bfad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x95/0xe0\n print_report+0xcb/0x620\n kasan_report+0xbd/0xf0\n __lock_acquire+0x2aca/0x3a20\n lock_acquire+0x19b/0x520\n _raw_spin_lock+0x2b/0x40\n attribute_container_unregister+0x30/0x160\n fc_release_transport+0x19/0x90 [scsi_transport_fc]\n bfad_im_module_exit+0x23/0x60 [bfa]\n bfad_init+0xdb/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\n bfad_im_module_init+0x17/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x38/0x50\n kfree+0x212/0x480\n bfad_im_module_init+0x7e/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAbove issue happens as follows:\n\nbfad_init\n  error = bfad_im_module_init()\n    fc_release_transport(bfad_im_scsi_transport_template);\n  if (error)\n    goto ext;\n\next:\n  bfad_im_module_exit();\n    fc_release_transport(bfad_im_scsi_transport_template);\n    --\u003e Trigger double release\n\nDon\u0027t call bfad_im_module_exit() if bfad_im_module_init() failed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:56:26.643Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb"
        },
        {
          "url": "https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb"
        },
        {
          "url": "https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40"
        },
        {
          "url": "https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271"
        }
      ],
      "title": "scsi: bfa: Fix use-after-free in bfad_im_module_exit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53227",
    "datePublished": "2024-12-27T13:50:16.175Z",
    "dateReserved": "2024-11-19T17:17:25.025Z",
    "dateUpdated": "2025-11-03T20:47:54.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21638 (GCVE-0-2025-21638)

Vulnerability from cvelistv5 – Published: 2025-01-19 10:17 – Updated: 2025-11-03 20:58

Title

sctp: sysctl: auth_enable: avoid using current->nsproxy

Summary

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cf387cdebfaebae22…
	https://git.kernel.org/stable/c/dc583e7e5f8515ca4…
	https://git.kernel.org/stable/c/bd2a2939423566c65…
	https://git.kernel.org/stable/c/1b67030d39f2b00f9…
	https://git.kernel.org/stable/c/7ec30c54f339c640a…
	https://git.kernel.org/stable/c/c184bc621e3cef03a…
	https://git.kernel.org/stable/c/15649fd5415eda664…

Impacted products

Vendor

Product

Version

Linux

Affected: b14878ccb7fac0242db82720b784ab62c467c0dc , < cf387cdebfaebae228dfba162f94c567a67610c3 (git)
Affected: b14878ccb7fac0242db82720b784ab62c467c0dc , < dc583e7e5f8515ca489c0df28e4362a70eade382 (git)
Affected: b14878ccb7fac0242db82720b784ab62c467c0dc , < bd2a2939423566c654545fa3e96a656662a0af9e (git)
Affected: b14878ccb7fac0242db82720b784ab62c467c0dc , < 1b67030d39f2b00f94ac1f0af11ba6657589e4d3 (git)
Affected: b14878ccb7fac0242db82720b784ab62c467c0dc , < 7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6 (git)
Affected: b14878ccb7fac0242db82720b784ab62c467c0dc , < c184bc621e3cef03ac9ba81a50dda2dae6a21d36 (git)
Affected: b14878ccb7fac0242db82720b784ab62c467c0dc , < 15649fd5415eda664ef35780c2013adeb5d9c695 (git)
Affected: e5eae4a0511241959498b180fa0df0d4f1b11b9c (git)
Affected: 88830f227a1f96e44d82ddfcb0cc81d517ec6dd8 (git)
Affected: 3938b0336a93fa5faa242dc9e5823ac69df9e066 (git)

Linux

Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 5.4.292 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:17.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sysctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cf387cdebfaebae228dfba162f94c567a67610c3",
              "status": "affected",
              "version": "b14878ccb7fac0242db82720b784ab62c467c0dc",
              "versionType": "git"
            },
            {
              "lessThan": "dc583e7e5f8515ca489c0df28e4362a70eade382",
              "status": "affected",
              "version": "b14878ccb7fac0242db82720b784ab62c467c0dc",
              "versionType": "git"
            },
            {
              "lessThan": "bd2a2939423566c654545fa3e96a656662a0af9e",
              "status": "affected",
              "version": "b14878ccb7fac0242db82720b784ab62c467c0dc",
              "versionType": "git"
            },
            {
              "lessThan": "1b67030d39f2b00f94ac1f0af11ba6657589e4d3",
              "status": "affected",
              "version": "b14878ccb7fac0242db82720b784ab62c467c0dc",
              "versionType": "git"
            },
            {
              "lessThan": "7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6",
              "status": "affected",
              "version": "b14878ccb7fac0242db82720b784ab62c467c0dc",
              "versionType": "git"
            },
            {
              "lessThan": "c184bc621e3cef03ac9ba81a50dda2dae6a21d36",
              "status": "affected",
              "version": "b14878ccb7fac0242db82720b784ab62c467c0dc",
              "versionType": "git"
            },
            {
              "lessThan": "15649fd5415eda664ef35780c2013adeb5d9c695",
              "status": "affected",
              "version": "b14878ccb7fac0242db82720b784ab62c467c0dc",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e5eae4a0511241959498b180fa0df0d4f1b11b9c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "88830f227a1f96e44d82ddfcb0cc81d517ec6dd8",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3938b0336a93fa5faa242dc9e5823ac69df9e066",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sysctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.292",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.292",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.41",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.12.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.14.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:06:00.778Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cf387cdebfaebae228dfba162f94c567a67610c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc583e7e5f8515ca489c0df28e4362a70eade382"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd2a2939423566c654545fa3e96a656662a0af9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b67030d39f2b00f94ac1f0af11ba6657589e4d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6"
        },
        {
          "url": "https://git.kernel.org/stable/c/c184bc621e3cef03ac9ba81a50dda2dae6a21d36"
        },
        {
          "url": "https://git.kernel.org/stable/c/15649fd5415eda664ef35780c2013adeb5d9c695"
        }
      ],
      "title": "sctp: sysctl: auth_enable: avoid using current-\u003ensproxy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21638",
    "datePublished": "2025-01-19T10:17:56.084Z",
    "dateReserved": "2024-12-29T08:45:45.727Z",
    "dateUpdated": "2025-11-03T20:58:17.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53120 (GCVE-0-2024-53120)

Vulnerability from cvelistv5 – Published: 2024-12-02 13:44 – Updated: 2025-11-03 22:29

Title

net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/882f392d9e3649557…
	https://git.kernel.org/stable/c/0c7c70ff8b696cfed…
	https://git.kernel.org/stable/c/06dc488a593020bd2…
	https://git.kernel.org/stable/c/6030f8bd7902e9e27…
	https://git.kernel.org/stable/c/e99c6873229fe0482…

Impacted products

Vendor

Product

Version

Linux

Affected: 7fac5c2eced36f335ee19ff316bd3182fbeda823 , < 882f392d9e3649557e71efd78ae20c86039ffb7c (git)
Affected: 7fac5c2eced36f335ee19ff316bd3182fbeda823 , < 0c7c70ff8b696cfedba350411dca736361ef9a0f (git)
Affected: 7fac5c2eced36f335ee19ff316bd3182fbeda823 , < 06dc488a593020bd2f006798557d2a32104d8359 (git)
Affected: 7fac5c2eced36f335ee19ff316bd3182fbeda823 , < 6030f8bd7902e9e276a0edc09bf11979e4e2bc2e (git)
Affected: 7fac5c2eced36f335ee19ff316bd3182fbeda823 , < e99c6873229fe0482e7ceb7d5600e32d623ed9d9 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:26.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "882f392d9e3649557e71efd78ae20c86039ffb7c",
              "status": "affected",
              "version": "7fac5c2eced36f335ee19ff316bd3182fbeda823",
              "versionType": "git"
            },
            {
              "lessThan": "0c7c70ff8b696cfedba350411dca736361ef9a0f",
              "status": "affected",
              "version": "7fac5c2eced36f335ee19ff316bd3182fbeda823",
              "versionType": "git"
            },
            {
              "lessThan": "06dc488a593020bd2f006798557d2a32104d8359",
              "status": "affected",
              "version": "7fac5c2eced36f335ee19ff316bd3182fbeda823",
              "versionType": "git"
            },
            {
              "lessThan": "6030f8bd7902e9e276a0edc09bf11979e4e2bc2e",
              "status": "affected",
              "version": "7fac5c2eced36f335ee19ff316bd3182fbeda823",
              "versionType": "git"
            },
            {
              "lessThan": "e99c6873229fe0482e7ceb7d5600e32d623ed9d9",
              "status": "affected",
              "version": "7fac5c2eced36f335ee19ff316bd3182fbeda823",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix null-ptr-deref in add rule err flow\n\nIn error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()\ncallback returns error, zone_rule-\u003eattr is used uninitiated. Fix it to\nuse attr which has the needed pointer value.\n\nKernel log:\n BUG: kernel NULL pointer dereference, address: 0000000000000110\n RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n\u2026\n Call Trace:\n  \u003cTASK\u003e\n  ? __die+0x20/0x70\n  ? page_fault_oops+0x150/0x3e0\n  ? exc_page_fault+0x74/0x140\n  ? asm_exc_page_fault+0x22/0x30\n  ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n  ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]\n  mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]\n  ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n  nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n  flow_offload_work_handler+0x142/0x320 [nf_flow_table]\n  ? finish_task_switch.isra.0+0x15b/0x2b0\n  process_one_work+0x16c/0x320\n  worker_thread+0x28c/0x3a0\n  ? __pfx_worker_thread+0x10/0x10\n  kthread+0xb8/0xf0\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x2d/0x50\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:31.381Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/882f392d9e3649557e71efd78ae20c86039ffb7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359"
        },
        {
          "url": "https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9"
        }
      ],
      "title": "net/mlx5e: CT: Fix null-ptr-deref in add rule err flow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53120",
    "datePublished": "2024-12-02T13:44:51.098Z",
    "dateReserved": "2024-11-19T17:17:24.994Z",
    "dateUpdated": "2025-11-03T22:29:26.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53239 (GCVE-0-2024-53239)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2025-11-03 20:48

Title

ALSA: 6fire: Release resources at card release

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/74357d0b5cd3ef544…
	https://git.kernel.org/stable/c/273eec23467dfbfbd…
	https://git.kernel.org/stable/c/f2d06d4e129e2508e…
	https://git.kernel.org/stable/c/b889a7d68d7e76b87…
	https://git.kernel.org/stable/c/ea8cc56db659cf0ae…
	https://git.kernel.org/stable/c/b754e831a94f82f25…
	https://git.kernel.org/stable/c/0df7f4b5cc10f5adf…
	https://git.kernel.org/stable/c/57860a80f03f9dc69…
	https://git.kernel.org/stable/c/a0810c3d6dd2d29a9…

Impacted products

Vendor

Product

Version

Linux

Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < 74357d0b5cd3ef544752bc9f21cbeee4902fae6c (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < 273eec23467dfbfbd0e4c10302579ba441fb1e13 (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < f2d06d4e129e2508e356136f99bb20a332ff1a00 (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < b889a7d68d7e76b8795b754a75c91a2d561d5e8c (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < ea8cc56db659cf0ae57073e32a4735ead7bd7ee3 (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < b754e831a94f82f2593af806741392903f359168 (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < 0df7f4b5cc10f5adf98be0845372e9eef7bb5b09 (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < 57860a80f03f9dc69a34a5c37b0941ad032a0a8c (git)
Affected: c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 , < a0810c3d6dd2d29a9b92604d682eacd2902ce947 (git)

Linux

Affected: 2.6.39
Unaffected: 0 , < 2.6.39 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53239",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T17:12:52.535037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T17:21:08.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:08.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/6fire/chip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "74357d0b5cd3ef544752bc9f21cbeee4902fae6c",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "273eec23467dfbfbd0e4c10302579ba441fb1e13",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "f2d06d4e129e2508e356136f99bb20a332ff1a00",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "b889a7d68d7e76b8795b754a75c91a2d561d5e8c",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "ea8cc56db659cf0ae57073e32a4735ead7bd7ee3",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "b754e831a94f82f2593af806741392903f359168",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "0df7f4b5cc10f5adf98be0845372e9eef7bb5b09",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "57860a80f03f9dc69a34a5c37b0941ad032a0a8c",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            },
            {
              "lessThan": "a0810c3d6dd2d29a9b92604d682eacd2902ce947",
              "status": "affected",
              "version": "c6d43ba816d1cf1d125bfbfc938f2a28a87facf9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/6fire/chip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort().  But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:56:45.927Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/74357d0b5cd3ef544752bc9f21cbeee4902fae6c"
        },
        {
          "url": "https://git.kernel.org/stable/c/273eec23467dfbfbd0e4c10302579ba441fb1e13"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2d06d4e129e2508e356136f99bb20a332ff1a00"
        },
        {
          "url": "https://git.kernel.org/stable/c/b889a7d68d7e76b8795b754a75c91a2d561d5e8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea8cc56db659cf0ae57073e32a4735ead7bd7ee3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b754e831a94f82f2593af806741392903f359168"
        },
        {
          "url": "https://git.kernel.org/stable/c/0df7f4b5cc10f5adf98be0845372e9eef7bb5b09"
        },
        {
          "url": "https://git.kernel.org/stable/c/57860a80f03f9dc69a34a5c37b0941ad032a0a8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0810c3d6dd2d29a9b92604d682eacd2902ce947"
        }
      ],
      "title": "ALSA: 6fire: Release resources at card release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53239",
    "datePublished": "2024-12-27T13:50:24.896Z",
    "dateReserved": "2024-11-19T17:17:25.026Z",
    "dateUpdated": "2025-11-03T20:48:08.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50167 (GCVE-0-2024-50167)

Vulnerability from cvelistv5 – Published: 2024-11-07 09:31 – Updated: 2025-11-03 22:26

Title

be2net: fix potential memory leak in be_xmit()

Summary

In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/941026023c2569399…
	https://git.kernel.org/stable/c/6b7ce8ee01c33c380…
	https://git.kernel.org/stable/c/77bc881d370e850b7…
	https://git.kernel.org/stable/c/919ab6e2370289a27…
	https://git.kernel.org/stable/c/4c5f170ef4f85731a…
	https://git.kernel.org/stable/c/641c1beed52bf3c6d…
	https://git.kernel.org/stable/c/e86a79b804e26e3b7…
	https://git.kernel.org/stable/c/e4dd8bfe0f6a23acd…

Impacted products

Vendor

Product

Version

Linux

Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < 941026023c256939943a47d1c66671526befbb26 (git)
Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < 6b7ce8ee01c33c380aaa5077ff25215492e7eb0e (git)
Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < 77bc881d370e850b7f3cd2b5eae67d596b40efbc (git)
Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < 919ab6e2370289a2748780f44a43333cd3878aa7 (git)
Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < 4c5f170ef4f85731a4d43ad9a6ac51106c0946be (git)
Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < 641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae (git)
Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3 (git)
Affected: 760c295e0e8d982917d004c9095cff61c0cbd803 , < e4dd8bfe0f6a23acd305f9b892c00899089bd621 (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 4.19.323 , ≤ 4.19.* (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.229 , ≤ 5.10.* (semver)
Unaffected: 5.15.170 , ≤ 5.15.* (semver)
Unaffected: 6.1.115 , ≤ 6.1.* (semver)
Unaffected: 6.6.59 , ≤ 6.6.* (semver)
Unaffected: 6.11.6 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50167",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:19:54.476932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:27:11.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:26:22.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/emulex/benet/be_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "941026023c256939943a47d1c66671526befbb26",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            },
            {
              "lessThan": "6b7ce8ee01c33c380aaa5077ff25215492e7eb0e",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            },
            {
              "lessThan": "77bc881d370e850b7f3cd2b5eae67d596b40efbc",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            },
            {
              "lessThan": "919ab6e2370289a2748780f44a43333cd3878aa7",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            },
            {
              "lessThan": "4c5f170ef4f85731a4d43ad9a6ac51106c0946be",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            },
            {
              "lessThan": "641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            },
            {
              "lessThan": "e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            },
            {
              "lessThan": "e4dd8bfe0f6a23acd305f9b892c00899089bd621",
              "status": "affected",
              "version": "760c295e0e8d982917d004c9095cff61c0cbd803",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/emulex/benet/be_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.59",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.229",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.170",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.115",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.59",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.6",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:47:44.974Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/941026023c256939943a47d1c66671526befbb26"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b7ce8ee01c33c380aaa5077ff25215492e7eb0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/77bc881d370e850b7f3cd2b5eae67d596b40efbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/919ab6e2370289a2748780f44a43333cd3878aa7"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c5f170ef4f85731a4d43ad9a6ac51106c0946be"
        },
        {
          "url": "https://git.kernel.org/stable/c/641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4dd8bfe0f6a23acd305f9b892c00899089bd621"
        }
      ],
      "title": "be2net: fix potential memory leak in be_xmit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50167",
    "datePublished": "2024-11-07T09:31:43.782Z",
    "dateReserved": "2024-10-21T19:36:19.962Z",
    "dateUpdated": "2025-11-03T22:26:22.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56616 (GCVE-0-2024-56616)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2026-01-05 10:56

Title

drm/dp_mst: Fix MST sideband message body length check

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corruption in drm_dp_sideband_append_payload() and the following errors in dmesg: UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25 index -1 is out of range for type 'u8 [48]' Call Trace: drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] memcpy: detected field-spanning write (size 18446744073709551615) of single field "&msg->msg[msg->curlen]" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256) Call Trace: drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/109f91d8b9335b0f3…
	https://git.kernel.org/stable/c/70e7166612f4e6da8…
	https://git.kernel.org/stable/c/780fa184d4dc38ad6…
	https://git.kernel.org/stable/c/c58947a8d4a500902…
	https://git.kernel.org/stable/c/1fc1f32c4a3421b9d…
	https://git.kernel.org/stable/c/bd2fccac61b40eaf0…

Impacted products

Vendor

Product

Version

Linux

Affected: ad7f8a1f9ced7f049f9b66d588723f243a7034cd , < 109f91d8b9335b0f3714ef9920eae5a8b21d56af (git)
Affected: ad7f8a1f9ced7f049f9b66d588723f243a7034cd , < 70e7166612f4e6da8d7d0305c47c465d88d037e5 (git)
Affected: ad7f8a1f9ced7f049f9b66d588723f243a7034cd , < 780fa184d4dc38ad6c4fded345ab8f9be7a63e96 (git)
Affected: ad7f8a1f9ced7f049f9b66d588723f243a7034cd , < c58947a8d4a500902597ee1dbadf0518d7ff8801 (git)
Affected: ad7f8a1f9ced7f049f9b66d588723f243a7034cd , < 1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef (git)
Affected: ad7f8a1f9ced7f049f9b66d588723f243a7034cd , < bd2fccac61b40eaf08d9546acc9fef958bfe4763 (git)

Linux

Affected: 3.17
Unaffected: 0 , < 3.17 (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:05.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/display/drm_dp_mst_topology.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "109f91d8b9335b0f3714ef9920eae5a8b21d56af",
              "status": "affected",
              "version": "ad7f8a1f9ced7f049f9b66d588723f243a7034cd",
              "versionType": "git"
            },
            {
              "lessThan": "70e7166612f4e6da8d7d0305c47c465d88d037e5",
              "status": "affected",
              "version": "ad7f8a1f9ced7f049f9b66d588723f243a7034cd",
              "versionType": "git"
            },
            {
              "lessThan": "780fa184d4dc38ad6c4fded345ab8f9be7a63e96",
              "status": "affected",
              "version": "ad7f8a1f9ced7f049f9b66d588723f243a7034cd",
              "versionType": "git"
            },
            {
              "lessThan": "c58947a8d4a500902597ee1dbadf0518d7ff8801",
              "status": "affected",
              "version": "ad7f8a1f9ced7f049f9b66d588723f243a7034cd",
              "versionType": "git"
            },
            {
              "lessThan": "1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef",
              "status": "affected",
              "version": "ad7f8a1f9ced7f049f9b66d588723f243a7034cd",
              "versionType": "git"
            },
            {
              "lessThan": "bd2fccac61b40eaf08d9546acc9fef958bfe4763",
              "status": "affected",
              "version": "ad7f8a1f9ced7f049f9b66d588723f243a7034cd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/display/drm_dp_mst_topology.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix MST sideband message body length check\n\nFix the MST sideband message body length check, which must be at least 1\nbyte accounting for the message body CRC (aka message data CRC) at the\nend of the message.\n\nThis fixes a case where an MST branch device returns a header with a\ncorrect header CRC (indicating a correctly received body length), with\nthe body length being incorrectly set to 0. This will later lead to a\nmemory corruption in drm_dp_sideband_append_payload() and the following\nerrors in dmesg:\n\n   UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25\n   index -1 is out of range for type \u0027u8 [48]\u0027\n   Call Trace:\n    drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper]\n    drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n    drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]\n\n   memcpy: detected field-spanning write (size 18446744073709551615) of single field \"\u0026msg-\u003emsg[msg-\u003ecurlen]\" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256)\n   Call Trace:\n    drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper]\n    drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n    drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:15.912Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af"
        },
        {
          "url": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96"
        },
        {
          "url": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763"
        }
      ],
      "title": "drm/dp_mst: Fix MST sideband message body length check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56616",
    "datePublished": "2024-12-27T14:51:21.009Z",
    "dateReserved": "2024-12-27T14:03:06.014Z",
    "dateUpdated": "2026-01-05T10:56:15.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57925 (GCVE-0-2024-57925)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

ksmbd: fix a missing return value check bug

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function returns immediately upon allocation failure, thereby preventing the aforementioned illegal memory access.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/781c743e18bfd9b7d…
	https://git.kernel.org/stable/c/ee7e40f7fb17f08a8…
	https://git.kernel.org/stable/c/271ae0edbfc942795…
	https://git.kernel.org/stable/c/2976e91a3e569cf2c…
	https://git.kernel.org/stable/c/4c16e1cadcbcaf3c8…

Impacted products

Vendor

Product

Version

Linux

Affected: 6f0207218c4c125f5bf32055ac4220b4ef3b7e67 , < 781c743e18bfd9b7dc0383f036ae952bd1486f21 (git)
Affected: f8cf1ebb7de62c7d807707ce4abb69d483629263 , < ee7e40f7fb17f08a8cbae50553e5c2e10ae32fce (git)
Affected: 041bba4414cda37d00063952c9bff9c3d5812a19 , < 271ae0edbfc942795c162e6cf20d2bc02bd7fde4 (git)
Affected: 041bba4414cda37d00063952c9bff9c3d5812a19 , < 2976e91a3e569cf2c92c9f71512c0ab1312fe965 (git)
Affected: 041bba4414cda37d00063952c9bff9c3d5812a19 , < 4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:53:03.932205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:14.579Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:55.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "781c743e18bfd9b7dc0383f036ae952bd1486f21",
              "status": "affected",
              "version": "6f0207218c4c125f5bf32055ac4220b4ef3b7e67",
              "versionType": "git"
            },
            {
              "lessThan": "ee7e40f7fb17f08a8cbae50553e5c2e10ae32fce",
              "status": "affected",
              "version": "f8cf1ebb7de62c7d807707ce4abb69d483629263",
              "versionType": "git"
            },
            {
              "lessThan": "271ae0edbfc942795c162e6cf20d2bc02bd7fde4",
              "status": "affected",
              "version": "041bba4414cda37d00063952c9bff9c3d5812a19",
              "versionType": "git"
            },
            {
              "lessThan": "2976e91a3e569cf2c92c9f71512c0ab1312fe965",
              "status": "affected",
              "version": "041bba4414cda37d00063952c9bff9c3d5812a19",
              "versionType": "git"
            },
            {
              "lessThan": "4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c",
              "status": "affected",
              "version": "041bba4414cda37d00063952c9bff9c3d5812a19",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.15.145",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "6.1.71",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix a missing return value check bug\n\nIn the smb2_send_interim_resp(), if ksmbd_alloc_work_struct()\nfails to allocate a node, it returns a NULL pointer to the\nin_work pointer. This can lead to an illegal memory write of\nin_work-\u003eresponse_buf when allocate_interim_rsp_buf() attempts\nto perform a kzalloc() on it.\n\nTo address this issue, incorporating a check for the return\nvalue of ksmbd_alloc_work_struct() ensures that the function\nreturns immediately upon allocation failure, thereby preventing\nthe aforementioned illegal memory access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:46.206Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/781c743e18bfd9b7dc0383f036ae952bd1486f21"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee7e40f7fb17f08a8cbae50553e5c2e10ae32fce"
        },
        {
          "url": "https://git.kernel.org/stable/c/271ae0edbfc942795c162e6cf20d2bc02bd7fde4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2976e91a3e569cf2c92c9f71512c0ab1312fe965"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c"
        }
      ],
      "title": "ksmbd: fix a missing return value check bug",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57925",
    "datePublished": "2025-01-19T11:52:43.244Z",
    "dateReserved": "2025-01-19T11:50:08.376Z",
    "dateUpdated": "2025-11-03T20:55:55.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56369 (GCVE-0-2024-56369)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:35 – Updated: 2025-11-03 20:49

Title

drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotal*htotal*...

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-369 - Divide By Zero

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e7c7b48a0fc5ed83b…
	https://git.kernel.org/stable/c/69fbb01e891701e6d…
	https://git.kernel.org/stable/c/b39de5a71bac5641d…
	https://git.kernel.org/stable/c/47c8b6cf1d08f0ad4…
	https://git.kernel.org/stable/c/9398332f23fab10c5…

Impacted products

Vendor

Product

Version

Linux

Affected: 2f0e9d804935970a4ce0f58dd046b41881bfd8f3 , < e7c7b48a0fc5ed83baae400a1b15e33978c25d7f (git)
Affected: 2f0e9d804935970a4ce0f58dd046b41881bfd8f3 , < 69fbb01e891701e6d04db1ddb5ad49e42c4dd963 (git)
Affected: 2f0e9d804935970a4ce0f58dd046b41881bfd8f3 , < b39de5a71bac5641d0fda33d1cf5682d82cf1ae5 (git)
Affected: 2f0e9d804935970a4ce0f58dd046b41881bfd8f3 , < 47c8b6cf1d08f0ad40d7ea7b025442e51b35ee1f (git)
Affected: 2f0e9d804935970a4ce0f58dd046b41881bfd8f3 , < 9398332f23fab10c5ec57c168b44e72997d6318e (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.122 , ≤ 6.1.* (semver)
Unaffected: 6.6.68 , ≤ 6.6.* (semver)
Unaffected: 6.12.7 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:55:17.719047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-369",
                "description": "CWE-369 Divide By Zero",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:20.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:08.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_modes.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e7c7b48a0fc5ed83baae400a1b15e33978c25d7f",
              "status": "affected",
              "version": "2f0e9d804935970a4ce0f58dd046b41881bfd8f3",
              "versionType": "git"
            },
            {
              "lessThan": "69fbb01e891701e6d04db1ddb5ad49e42c4dd963",
              "status": "affected",
              "version": "2f0e9d804935970a4ce0f58dd046b41881bfd8f3",
              "versionType": "git"
            },
            {
              "lessThan": "b39de5a71bac5641d0fda33d1cf5682d82cf1ae5",
              "status": "affected",
              "version": "2f0e9d804935970a4ce0f58dd046b41881bfd8f3",
              "versionType": "git"
            },
            {
              "lessThan": "47c8b6cf1d08f0ad40d7ea7b025442e51b35ee1f",
              "status": "affected",
              "version": "2f0e9d804935970a4ce0f58dd046b41881bfd8f3",
              "versionType": "git"
            },
            {
              "lessThan": "9398332f23fab10c5ec57c168b44e72997d6318e",
              "status": "affected",
              "version": "2f0e9d804935970a4ce0f58dd046b41881bfd8f3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_modes.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.122",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.68",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/modes: Avoid divide by zero harder in drm_mode_vrefresh()\n\ndrm_mode_vrefresh() is trying to avoid divide by zero\nby checking whether htotal or vtotal are zero. But we may\nstill end up with a div-by-zero of vtotal*htotal*..."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:22.189Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e7c7b48a0fc5ed83baae400a1b15e33978c25d7f"
        },
        {
          "url": "https://git.kernel.org/stable/c/69fbb01e891701e6d04db1ddb5ad49e42c4dd963"
        },
        {
          "url": "https://git.kernel.org/stable/c/b39de5a71bac5641d0fda33d1cf5682d82cf1ae5"
        },
        {
          "url": "https://git.kernel.org/stable/c/47c8b6cf1d08f0ad40d7ea7b025442e51b35ee1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/9398332f23fab10c5ec57c168b44e72997d6318e"
        }
      ],
      "title": "drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56369",
    "datePublished": "2025-01-11T12:35:46.439Z",
    "dateReserved": "2025-01-11T12:34:02.670Z",
    "dateUpdated": "2025-11-03T20:49:08.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56634 (GCVE-0-2024-56634)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

gpio: grgpio: Add NULL check in grgpio_probe

Summary

In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL pointer dereference error.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/53ff0caa6ad57372d…
	https://git.kernel.org/stable/c/4733f68e59bb7b9e3…
	https://git.kernel.org/stable/c/ad4dfa7ea7f5f7e9a…
	https://git.kernel.org/stable/c/09adf8792b61c09ae…
	https://git.kernel.org/stable/c/8d2ca6ac3711a4f40…
	https://git.kernel.org/stable/c/db2fc255fcf41f536…
	https://git.kernel.org/stable/c/050b23d081da0f294…

Impacted products

Vendor

Product

Version

Linux

Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 53ff0caa6ad57372d426b4f48fc0f66df43a731f (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 4733f68e59bb7b9e3d395699abb18366954b9ba7 (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 09adf8792b61c09ae543972a1ece1884ef773848 (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 8d2ca6ac3711a4f4015d26b7cc84f325ac608edb (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < db2fc255fcf41f536ac8666409849e11659af88d (git)
Affected: 7eb6ce2f272336ff8337f40fa8668fa04dc2d684 , < 050b23d081da0f29474de043e9538c1f7a351b3b (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:39.281598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:12.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:32.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-grgpio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "53ff0caa6ad57372d426b4f48fc0f66df43a731f",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "4733f68e59bb7b9e3d395699abb18366954b9ba7",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "09adf8792b61c09ae543972a1ece1884ef773848",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "8d2ca6ac3711a4f4015d26b7cc84f325ac608edb",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "db2fc255fcf41f536ac8666409849e11659af88d",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            },
            {
              "lessThan": "050b23d081da0f29474de043e9538c1f7a351b3b",
              "status": "affected",
              "version": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-grgpio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: grgpio: Add NULL check in grgpio_probe\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in grgpio_probe is not checked.\nAdd NULL check in grgpio_probe, to handle kernel NULL\npointer dereference error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:38.405Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/53ff0caa6ad57372d426b4f48fc0f66df43a731f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4733f68e59bb7b9e3d395699abb18366954b9ba7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/09adf8792b61c09ae543972a1ece1884ef773848"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d2ca6ac3711a4f4015d26b7cc84f325ac608edb"
        },
        {
          "url": "https://git.kernel.org/stable/c/db2fc255fcf41f536ac8666409849e11659af88d"
        },
        {
          "url": "https://git.kernel.org/stable/c/050b23d081da0f29474de043e9538c1f7a351b3b"
        }
      ],
      "title": "gpio: grgpio: Add NULL check in grgpio_probe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56634",
    "datePublished": "2024-12-27T15:02:32.192Z",
    "dateReserved": "2024-12-27T15:00:39.838Z",
    "dateUpdated": "2025-11-03T20:51:32.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47235 (GCVE-0-2021-47235)

Vulnerability from cvelistv5 – Published: 2024-05-21 14:19 – Updated: 2025-05-04 07:06

Title

net: ethernet: fix potential use-after-free in ec_bhf_remove

Summary

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ec_bhf_remove static void ec_bhf_remove(struct pci_dev *dev) { ... struct ec_bhf_priv *priv = netdev_priv(net_dev); unregister_netdev(net_dev); free_netdev(net_dev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev, priv->io); ... } priv is netdev private data, but it is used after free_netdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving free_netdev() after pci_iounmap() calls.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/db2bc3cfd2bc01621…
	https://git.kernel.org/stable/c/1cafc540b7bf1b6a5…
	https://git.kernel.org/stable/c/b1ad283755095a4b9…
	https://git.kernel.org/stable/c/0260916843cc74f39…
	https://git.kernel.org/stable/c/19f88ca68ccf87712…
	https://git.kernel.org/stable/c/95deeb29d831e2fae…
	https://git.kernel.org/stable/c/d11d79e52ba080ee5…
	https://git.kernel.org/stable/c/9cca0c2d701491604…

Impacted products

Vendor

Product

Version

Linux

Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < db2bc3cfd2bc01621014d4f17cdfc74611f339c8 (git)
Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < 1cafc540b7bf1b6a5a77dc000205fe337ef6eba6 (git)
Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < b1ad283755095a4b9d1431aeb357d7df1a33d3bb (git)
Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < 0260916843cc74f3906acf8b6f256693e01530a2 (git)
Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < 19f88ca68ccf8771276a606765239b167654f84a (git)
Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < 95deeb29d831e2fae608439e243e7a520611e7ea (git)
Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < d11d79e52ba080ee567cb7d7eb42a5ade60a8130 (git)
Affected: 6af55ff52b02d492d45db88df3e461fa51a6f753 , < 9cca0c2d70149160407bda9a9446ce0c29b6e6c6 (git)

Linux

Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 4.4.274 , ≤ 4.4.* (semver)
Unaffected: 4.9.274 , ≤ 4.9.* (semver)
Unaffected: 4.14.238 , ≤ 4.14.* (semver)
Unaffected: 4.19.196 , ≤ 4.19.* (semver)
Unaffected: 5.4.128 , ≤ 5.4.* (semver)
Unaffected: 5.10.46 , ≤ 5.10.* (semver)
Unaffected: 5.12.13 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:38:04.934934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:40:03.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/ec_bhf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "db2bc3cfd2bc01621014d4f17cdfc74611f339c8",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "1cafc540b7bf1b6a5a77dc000205fe337ef6eba6",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "b1ad283755095a4b9d1431aeb357d7df1a33d3bb",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "0260916843cc74f3906acf8b6f256693e01530a2",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "19f88ca68ccf8771276a606765239b167654f84a",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "95deeb29d831e2fae608439e243e7a520611e7ea",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "d11d79e52ba080ee567cb7d7eb42a5ade60a8130",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "9cca0c2d70149160407bda9a9446ce0c29b6e6c6",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/ec_bhf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.196",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.274",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.274",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.238",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.196",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.128",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.46",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.13",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv-\u003edma_io);\n\tpci_iounmap(dev, priv-\u003eio);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:06:51.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"
        },
        {
          "url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"
        }
      ],
      "title": "net: ethernet: fix potential use-after-free in ec_bhf_remove",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47235",
    "datePublished": "2024-05-21T14:19:37.070Z",
    "dateReserved": "2024-04-10T18:59:19.531Z",
    "dateUpdated": "2025-05-04T07:06:51.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56625 (GCVE-0-2024-56625)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

can: dev: can_set_termination(): allow sleeping GPIOs

Summary

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added. For no particular reason that patch uses gpiod_set_value() to set the GPIO. This leads to the following warning, if the systems uses a sleeping GPIO, i.e. behind an I2C port expander: | WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c | CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c Replace gpiod_set_value() by gpiod_set_value_cansleep() to allow the use of sleeping GPIOs.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/faa0a1975a6fbce30…
	https://git.kernel.org/stable/c/46637a608fb1ee871…
	https://git.kernel.org/stable/c/1ac442f25c19953d2…
	https://git.kernel.org/stable/c/3b0c5bb437d31a986…
	https://git.kernel.org/stable/c/ee1dfbdd8b4b6de85…

Impacted products

Vendor

Product

Version

Linux

Affected: 6e86a1543c378f2e8837ad88f361b7bf606c80f7 , < faa0a1975a6fbce30616775216606eb8d6388ea1 (git)
Affected: 6e86a1543c378f2e8837ad88f361b7bf606c80f7 , < 46637a608fb1ee871a0ad8bf70d917d5d95ac251 (git)
Affected: 6e86a1543c378f2e8837ad88f361b7bf606c80f7 , < 1ac442f25c19953d2f33b92549628b0aeac83db6 (git)
Affected: 6e86a1543c378f2e8837ad88f361b7bf606c80f7 , < 3b0c5bb437d31a9864f633b85cbc42d2f6c51c96 (git)
Affected: 6e86a1543c378f2e8837ad88f361b7bf606c80f7 , < ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:13.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/dev/dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "faa0a1975a6fbce30616775216606eb8d6388ea1",
              "status": "affected",
              "version": "6e86a1543c378f2e8837ad88f361b7bf606c80f7",
              "versionType": "git"
            },
            {
              "lessThan": "46637a608fb1ee871a0ad8bf70d917d5d95ac251",
              "status": "affected",
              "version": "6e86a1543c378f2e8837ad88f361b7bf606c80f7",
              "versionType": "git"
            },
            {
              "lessThan": "1ac442f25c19953d2f33b92549628b0aeac83db6",
              "status": "affected",
              "version": "6e86a1543c378f2e8837ad88f361b7bf606c80f7",
              "versionType": "git"
            },
            {
              "lessThan": "3b0c5bb437d31a9864f633b85cbc42d2f6c51c96",
              "status": "affected",
              "version": "6e86a1543c378f2e8837ad88f361b7bf606c80f7",
              "versionType": "git"
            },
            {
              "lessThan": "ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5",
              "status": "affected",
              "version": "6e86a1543c378f2e8837ad88f361b7bf606c80f7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/dev/dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: can_set_termination(): allow sleeping GPIOs\n\nIn commit 6e86a1543c37 (\"can: dev: provide optional GPIO based\ntermination support\") GPIO based termination support was added.\n\nFor no particular reason that patch uses gpiod_set_value() to set the\nGPIO. This leads to the following warning, if the systems uses a\nsleeping GPIO, i.e. behind an I2C port expander:\n\n| WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c\n| CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c\n\nReplace gpiod_set_value() by gpiod_set_value_cansleep() to allow the\nuse of sleeping GPIOs."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:14.732Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/faa0a1975a6fbce30616775216606eb8d6388ea1"
        },
        {
          "url": "https://git.kernel.org/stable/c/46637a608fb1ee871a0ad8bf70d917d5d95ac251"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ac442f25c19953d2f33b92549628b0aeac83db6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b0c5bb437d31a9864f633b85cbc42d2f6c51c96"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5"
        }
      ],
      "title": "can: dev: can_set_termination(): allow sleeping GPIOs",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56625",
    "datePublished": "2024-12-27T14:51:28.206Z",
    "dateReserved": "2024-12-27T14:03:06.017Z",
    "dateUpdated": "2025-11-03T20:51:13.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50302 (GCVE-0-2024-50302)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:28

Title

HID: core: zero-initialize the report buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e7ea60184e1e88a3c…
	https://git.kernel.org/stable/c/3f9e88f2672c46359…
	https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3…
	https://git.kernel.org/stable/c/05ade5d4337867929…
	https://git.kernel.org/stable/c/1884ab3d22536a5c1…
	https://git.kernel.org/stable/c/9d9f5c75c0c7f3176…
	https://git.kernel.org/stable/c/492015e6249fbcd42…
	https://git.kernel.org/stable/c/177f25d1292c7e16e…

Impacted products

Vendor

Product

Version

Linux

Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 3f9e88f2672c4635960570ee9741778d4135ecf5 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 492015e6249fbcd42138b49de3c588d826dd9648 (git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 177f25d1292c7e16e1199b39c85480f7f8815552 (git)
Affected: b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 (git)
Affected: fe6c9b48ebc920ff21c10c50ab2729440c734254 (git)

Linux

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50302",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T04:55:26.718337Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-03-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:35.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-03-04T00:00:00+00:00",
            "value": "CVE-2024-50302 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:19.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "492015e6249fbcd42138b49de3c588d826dd9648",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fe6c9b48ebc920ff21c10c50ab2729440c734254",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.11.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:14.113Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"
        },
        {
          "url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"
        },
        {
          "url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"
        },
        {
          "url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"
        }
      ],
      "title": "HID: core: zero-initialize the report buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50302",
    "datePublished": "2024-11-19T01:30:51.300Z",
    "dateReserved": "2024-10-21T19:36:19.987Z",
    "dateUpdated": "2025-11-03T22:28:19.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56739 (GCVE-0-2024-56739)

Vulnerability from cvelistv5 – Published: 2024-12-29 11:30 – Updated: 2025-11-03 20:53

Title

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

Summary

In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/39ad0a1ae17b54509…
	https://git.kernel.org/stable/c/44b3257ff705d63d5…
	https://git.kernel.org/stable/c/0d68e8514d9040108…
	https://git.kernel.org/stable/c/246f621d363988e70…
	https://git.kernel.org/stable/c/fde56535505dde333…
	https://git.kernel.org/stable/c/dd4b1cbcc916fad5d…
	https://git.kernel.org/stable/c/a1f0b4af90cc18b10…
	https://git.kernel.org/stable/c/e77bce0a8c3989b41…
	https://git.kernel.org/stable/c/e8ba8a2bc4f60a106…

Impacted products

Vendor

Product

Version

Linux

Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < 39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < 44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2 (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < 0d68e8514d9040108ff7d1b37ca71096674b6efe (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < 246f621d363988e7040f4546d20203dc713fa3e1 (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < fde56535505dde3336df438e949ef4742b6d6d6e (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < dd4b1cbcc916fad5d10c2662b62def9f05e453d4 (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < a1f0b4af90cc18b10261ecde56c6a56b22c75bd1 (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < e77bce0a8c3989b4173c36f4195122bca8f4a3e1 (git)
Affected: 6610e0893b8bc6f59b14fed7f089c5997f035f88 , < e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56739",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:57:41.389389Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:04.223Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:29.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/rtc/interface.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "0d68e8514d9040108ff7d1b37ca71096674b6efe",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "246f621d363988e7040f4546d20203dc713fa3e1",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "fde56535505dde3336df438e949ef4742b6d6d6e",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "dd4b1cbcc916fad5d10c2662b62def9f05e453d4",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "a1f0b4af90cc18b10261ecde56c6a56b22c75bd1",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "e77bce0a8c3989b4173c36f4195122bca8f4a3e1",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            },
            {
              "lessThan": "e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d",
              "status": "affected",
              "version": "6610e0893b8bc6f59b14fed7f089c5997f035f88",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/rtc/interface.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: check if __rtc_read_time was successful in rtc_timer_do_work()\n\nIf the __rtc_read_time call fails,, the struct rtc_time tm; may contain\nuninitialized data, or an illegal date/time read from the RTC hardware.\n\nWhen calling rtc_tm_to_ktime later, the result may be a very large value\n(possibly KTIME_MAX). If there are periodic timers in rtc-\u003etimerqueue,\nthey will continually expire, may causing kernel softlockup."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:03:35.296Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe"
        },
        {
          "url": "https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d"
        }
      ],
      "title": "rtc: check if __rtc_read_time was successful in rtc_timer_do_work()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56739",
    "datePublished": "2024-12-29T11:30:08.512Z",
    "dateReserved": "2024-12-29T11:26:39.757Z",
    "dateUpdated": "2025-11-03T20:53:29.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45828 (GCVE-0-2024-45828)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2025-11-03 20:39

Title

i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

Summary

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Bus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt when the ring is being stopped. Depending on timing between ring stop request completion, interrupt handler removal and code execution this may lead to a NULL pointer dereference in hci_dma_irq_handler() if it gets to run after the io_data pointer is set to NULL in hci_dma_cleanup(). Prevent this my masking the ring interrupts before ring stop request.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a6cddf68b3405b272…
	https://git.kernel.org/stable/c/9d745a56aea45e47f…
	https://git.kernel.org/stable/c/a6dc4b4fda2e147e5…
	https://git.kernel.org/stable/c/19cc5767334bfe980…
	https://git.kernel.org/stable/c/6ca2738174e4ee44e…

Impacted products

Vendor

Product

Version

Linux

Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < a6cddf68b3405b272b5a3cad9657be0b02b34bf4 (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 9d745a56aea45e47f4755bc12e6429d6314dbb54 (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < a6dc4b4fda2e147e557050eaae51ff15edeb680b (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 19cc5767334bfe980f52421627d0826c0da86721 (git)
Affected: 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 , < 6ca2738174e4ee44edb2ab2d86ce74f015a0cc32 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:55:58.058798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:22.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:39:13.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i3c/master/mipi-i3c-hci/dma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a6cddf68b3405b272b5a3cad9657be0b02b34bf4",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "9d745a56aea45e47f4755bc12e6429d6314dbb54",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "a6dc4b4fda2e147e557050eaae51ff15edeb680b",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "19cc5767334bfe980f52421627d0826c0da86721",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            },
            {
              "lessThan": "6ca2738174e4ee44edb2ab2d86ce74f015a0cc32",
              "status": "affected",
              "version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i3c/master/mipi-i3c-hci/dma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Mask ring interrupts before ring stop request\n\nBus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt when\nthe ring is being stopped. Depending on timing between ring stop request\ncompletion, interrupt handler removal and code execution this may lead\nto a NULL pointer dereference in hci_dma_irq_handler() if it gets to run\nafter the io_data pointer is set to NULL in hci_dma_cleanup().\n\nPrevent this my masking the ring interrupts before ring stop request."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:33.748Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a6cddf68b3405b272b5a3cad9657be0b02b34bf4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d745a56aea45e47f4755bc12e6429d6314dbb54"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6dc4b4fda2e147e557050eaae51ff15edeb680b"
        },
        {
          "url": "https://git.kernel.org/stable/c/19cc5767334bfe980f52421627d0826c0da86721"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ca2738174e4ee44edb2ab2d86ce74f015a0cc32"
        }
      ],
      "title": "i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45828",
    "datePublished": "2025-01-11T12:25:11.560Z",
    "dateReserved": "2025-01-09T09:51:32.498Z",
    "dateUpdated": "2025-11-03T20:39:13.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42315 (GCVE-0-2024-42315)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 20:38

Title

exfat: fix potential deadlock on __exfat_get_dentry_set

Summary

In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock) To fix this, let's allocate bh-array with GFP_NOFS.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/632fb232b6bbf8277…
	https://git.kernel.org/stable/c/c052f775ee6ccacd3…
	https://git.kernel.org/stable/c/cd1c7858641384191…
	https://git.kernel.org/stable/c/a7ac198f8dba791e3…
	https://git.kernel.org/stable/c/1d1970493c289e3f4…
	https://git.kernel.org/stable/c/89fc548767a215523…

Impacted products

Vendor

Product

Version

Linux

Affected: bd3bdb9e0d656f760b11d0c638d35d7f7068144d , < 632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb (git)
Affected: 92dcd7d6c6068bf4fd35a6f64d606e27d634807e , < c052f775ee6ccacd3c97e4cf41a2a657e63d4259 (git)
Affected: d8fe01ad2d8ab33aaf8f2efad9e8f1dae11c4b0c , < cd1c7858641384191ff7033fb1fc65dfcd559c6f (git)
Affected: a3ff29a95fde16906304455aa8c0bd84eb770258 , < a7ac198f8dba791e3144c4da48a5a9b95773ee4b (git)
Affected: a3ff29a95fde16906304455aa8c0bd84eb770258 , < 1d1970493c289e3f44b9ec847ed26a5dbdf56a62 (git)
Affected: a3ff29a95fde16906304455aa8c0bd84eb770258 , < 89fc548767a2155231128cb98726d6d2ea1256c9 (git)

Linux

Affected: 6.2
Unaffected: 0 , < 6.2 (semver)
Unaffected: 5.10.232 , ≤ 5.10.* (semver)
Unaffected: 5.15.175 , ≤ 5.15.* (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:09:45.977516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:26.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:38:38.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/exfat/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb",
              "status": "affected",
              "version": "bd3bdb9e0d656f760b11d0c638d35d7f7068144d",
              "versionType": "git"
            },
            {
              "lessThan": "c052f775ee6ccacd3c97e4cf41a2a657e63d4259",
              "status": "affected",
              "version": "92dcd7d6c6068bf4fd35a6f64d606e27d634807e",
              "versionType": "git"
            },
            {
              "lessThan": "cd1c7858641384191ff7033fb1fc65dfcd559c6f",
              "status": "affected",
              "version": "d8fe01ad2d8ab33aaf8f2efad9e8f1dae11c4b0c",
              "versionType": "git"
            },
            {
              "lessThan": "a7ac198f8dba791e3144c4da48a5a9b95773ee4b",
              "status": "affected",
              "version": "a3ff29a95fde16906304455aa8c0bd84eb770258",
              "versionType": "git"
            },
            {
              "lessThan": "1d1970493c289e3f44b9ec847ed26a5dbdf56a62",
              "status": "affected",
              "version": "a3ff29a95fde16906304455aa8c0bd84eb770258",
              "versionType": "git"
            },
            {
              "lessThan": "89fc548767a2155231128cb98726d6d2ea1256c9",
              "status": "affected",
              "version": "a3ff29a95fde16906304455aa8c0bd84eb770258",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/exfat/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.232",
                  "versionStartIncluding": "5.10.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.175",
                  "versionStartIncluding": "5.15.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi-\u003es_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(\u0026sbi-\u003es_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(\u0026sbi-\u003es_lock)\n\nTo fix this, let\u0027s allocate bh-array with GFP_NOFS."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:26:35.431Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/c052f775ee6ccacd3c97e4cf41a2a657e63d4259"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd1c7858641384191ff7033fb1fc65dfcd559c6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62"
        },
        {
          "url": "https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9"
        }
      ],
      "title": "exfat: fix potential deadlock on __exfat_get_dentry_set",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42315",
    "datePublished": "2024-08-17T09:09:23.779Z",
    "dateReserved": "2024-07-30T07:40:12.278Z",
    "dateUpdated": "2025-11-03T20:38:38.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50242 (GCVE-0-2024-50242)

Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2025-11-03 22:27

Title

fs/ntfs3: Additional check in ntfs_file_release

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/542532afe249588ae…
	https://git.kernel.org/stable/c/d1ac7e2620302e3e4…
	https://git.kernel.org/stable/c/550ef40fa6366d5d1…
	https://git.kernel.org/stable/c/82685eb6ca1db2bd1…
	https://git.kernel.org/stable/c/031d6f608290c847b…

Impacted products

Vendor

Product

Version

Linux

Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 542532afe249588ae88d8409d4bf861c315f8862 (git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < d1ac7e2620302e3e49573df39bd4e868e8b4962a (git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 550ef40fa6366d5d11b122e5f36b1f9aa20c087e (git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 82685eb6ca1db2bd11190451085bcb86ed03aa24 (git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 031d6f608290c847ba6378322d0986d08d1a645a (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.178 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.60 , ≤ 6.6.* (semver)
Unaffected: 6.11.7 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:27:21.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "542532afe249588ae88d8409d4bf861c315f8862",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "d1ac7e2620302e3e49573df39bd4e868e8b4962a",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "550ef40fa6366d5d11b122e5f36b1f9aa20c087e",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "82685eb6ca1db2bd11190451085bcb86ed03aa24",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            },
            {
              "lessThan": "031d6f608290c847ba6378322d0986d08d1a645a",
              "status": "affected",
              "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.60",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.178",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.60",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.7",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Additional check in ntfs_file_release"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:49:35.744Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/542532afe249588ae88d8409d4bf861c315f8862"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1ac7e2620302e3e49573df39bd4e868e8b4962a"
        },
        {
          "url": "https://git.kernel.org/stable/c/550ef40fa6366d5d11b122e5f36b1f9aa20c087e"
        },
        {
          "url": "https://git.kernel.org/stable/c/82685eb6ca1db2bd11190451085bcb86ed03aa24"
        },
        {
          "url": "https://git.kernel.org/stable/c/031d6f608290c847ba6378322d0986d08d1a645a"
        }
      ],
      "title": "fs/ntfs3: Additional check in ntfs_file_release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50242",
    "datePublished": "2024-11-09T10:14:51.936Z",
    "dateReserved": "2024-10-21T19:36:19.977Z",
    "dateUpdated": "2025-11-03T22:27:21.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56601 (GCVE-0-2024-56601)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:50

Title

net: inet: do not leave a dangling sk pointer in inet_create()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f8a3f255f7509a209…
	https://git.kernel.org/stable/c/2bc34d8c8898ae9fd…
	https://git.kernel.org/stable/c/3e8258070b0f2aba6…
	https://git.kernel.org/stable/c/b4513cfd3a10c03c6…
	https://git.kernel.org/stable/c/25447c6aaa7235f15…
	https://git.kernel.org/stable/c/691d6d816f93b2a10…
	https://git.kernel.org/stable/c/9365fa510c6f82e3a…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f8a3f255f7509a209292871715cda03779640c8d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2bc34d8c8898ae9fddf4612501aabb22d76c2b2c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3e8258070b0f2aba66b3ef18883de229674fb288 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 25447c6aaa7235f155292b0c58a067347e8ae891 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 691d6d816f93b2a1008c14178399061466e674ef (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:42:25.967090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:24.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:40.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/af_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f8a3f255f7509a209292871715cda03779640c8d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2bc34d8c8898ae9fddf4612501aabb22d76c2b2c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3e8258070b0f2aba66b3ef18883de229674fb288",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "25447c6aaa7235f155292b0c58a067347e8ae891",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "691d6d816f93b2a1008c14178399061466e674ef",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/af_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:42.168Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891"
        },
        {
          "url": "https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff"
        }
      ],
      "title": "net: inet: do not leave a dangling sk pointer in inet_create()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56601",
    "datePublished": "2024-12-27T14:51:07.358Z",
    "dateReserved": "2024-12-27T14:03:06.011Z",
    "dateUpdated": "2025-11-03T20:50:40.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56672 (GCVE-0-2024-56672)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:06 – Updated: 2025-11-03 20:52

Title

blk-cgroup: Fix UAF in blkcg_unpin_online()

Summary

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the following UAF: ================================================================== BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270 Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117 CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022 Workqueue: cgwb_release cgwb_release_workfn Call Trace: <TASK> dump_stack_lvl+0x27/0x80 print_report+0x151/0x710 kasan_report+0xc0/0x100 blkcg_unpin_online+0x15a/0x270 cgwb_release_workfn+0x194/0x480 process_scheduled_works+0x71b/0xe20 worker_thread+0x82a/0xbd0 kthread+0x242/0x2c0 ret_from_fork+0x33/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> ... Freed by task 1944: kasan_save_track+0x2b/0x70 kasan_save_free_info+0x3c/0x50 __kasan_slab_free+0x33/0x50 kfree+0x10c/0x330 css_free_rwork_fn+0xe6/0xb30 process_scheduled_works+0x71b/0xe20 worker_thread+0x82a/0xbd0 kthread+0x242/0x2c0 ret_from_fork+0x33/0x70 ret_from_fork_asm+0x1a/0x30 Note that the UAF is not easy to trigger as the free path is indirected behind a couple RCU grace periods and a work item execution. I could only trigger it with artifical msleep() injected in blkcg_unpin_online(). Fix it by reading the parent pointer before destroying the blkcg's blkg's.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/83f5a87ee8caa76a9…
	https://git.kernel.org/stable/c/8a07350fe070017a8…
	https://git.kernel.org/stable/c/64afc6fe24c9896c0…
	https://git.kernel.org/stable/c/5baa28569c924d9a9…
	https://git.kernel.org/stable/c/29d1e06560f0f6179…
	https://git.kernel.org/stable/c/86e6ca55b83c575ab…

Impacted products

Vendor

Product

Version

Linux

Affected: 4308a434e5e08c78676aa66bc626ef78cbef0883 , < 83f5a87ee8caa76a917f59912a74d6811f773c67 (git)
Affected: 4308a434e5e08c78676aa66bc626ef78cbef0883 , < 8a07350fe070017a887433f4d6909433955be5f1 (git)
Affected: 4308a434e5e08c78676aa66bc626ef78cbef0883 , < 64afc6fe24c9896c0153e5a199bcea241ecb0d5c (git)
Affected: 4308a434e5e08c78676aa66bc626ef78cbef0883 , < 5baa28569c924d9a90d036c2aaab79f791fedaf8 (git)
Affected: 4308a434e5e08c78676aa66bc626ef78cbef0883 , < 29d1e06560f0f6179062ac638b4064deb637d1ad (git)
Affected: 4308a434e5e08c78676aa66bc626ef78cbef0883 , < 86e6ca55b83c575ab0f2e105cf08f98e58d3d7af (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.121 , ≤ 6.1.* (semver)
Unaffected: 6.6.67 , ≤ 6.6.* (semver)
Unaffected: 6.12.6 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56672",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T17:12:31.915249Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T17:21:07.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:20.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "83f5a87ee8caa76a917f59912a74d6811f773c67",
              "status": "affected",
              "version": "4308a434e5e08c78676aa66bc626ef78cbef0883",
              "versionType": "git"
            },
            {
              "lessThan": "8a07350fe070017a887433f4d6909433955be5f1",
              "status": "affected",
              "version": "4308a434e5e08c78676aa66bc626ef78cbef0883",
              "versionType": "git"
            },
            {
              "lessThan": "64afc6fe24c9896c0153e5a199bcea241ecb0d5c",
              "status": "affected",
              "version": "4308a434e5e08c78676aa66bc626ef78cbef0883",
              "versionType": "git"
            },
            {
              "lessThan": "5baa28569c924d9a90d036c2aaab79f791fedaf8",
              "status": "affected",
              "version": "4308a434e5e08c78676aa66bc626ef78cbef0883",
              "versionType": "git"
            },
            {
              "lessThan": "29d1e06560f0f6179062ac638b4064deb637d1ad",
              "status": "affected",
              "version": "4308a434e5e08c78676aa66bc626ef78cbef0883",
              "versionType": "git"
            },
            {
              "lessThan": "86e6ca55b83c575ab0f2e105cf08f98e58d3d7af",
              "status": "affected",
              "version": "4308a434e5e08c78676aa66bc626ef78cbef0883",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.121",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.67",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.6",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix UAF in blkcg_unpin_online()\n\nblkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To\nwalk up, it uses blkcg_parent(blkcg) but it was calling that after\nblkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the\nfollowing UAF:\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270\n  Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117\n\n  CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022\n  Workqueue: cgwb_release cgwb_release_workfn\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x27/0x80\n   print_report+0x151/0x710\n   kasan_report+0xc0/0x100\n   blkcg_unpin_online+0x15a/0x270\n   cgwb_release_workfn+0x194/0x480\n   process_scheduled_works+0x71b/0xe20\n   worker_thread+0x82a/0xbd0\n   kthread+0x242/0x2c0\n   ret_from_fork+0x33/0x70\n   ret_from_fork_asm+0x1a/0x30\n   \u003c/TASK\u003e\n  ...\n  Freed by task 1944:\n   kasan_save_track+0x2b/0x70\n   kasan_save_free_info+0x3c/0x50\n   __kasan_slab_free+0x33/0x50\n   kfree+0x10c/0x330\n   css_free_rwork_fn+0xe6/0xb30\n   process_scheduled_works+0x71b/0xe20\n   worker_thread+0x82a/0xbd0\n   kthread+0x242/0x2c0\n   ret_from_fork+0x33/0x70\n   ret_from_fork_asm+0x1a/0x30\n\nNote that the UAF is not easy to trigger as the free path is indirected\nbehind a couple RCU grace periods and a work item execution. I could only\ntrigger it with artifical msleep() injected in blkcg_unpin_online().\n\nFix it by reading the parent pointer before destroying the blkcg\u0027s blkg\u0027s."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:01:48.688Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/83f5a87ee8caa76a917f59912a74d6811f773c67"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a07350fe070017a887433f4d6909433955be5f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/64afc6fe24c9896c0153e5a199bcea241ecb0d5c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5baa28569c924d9a90d036c2aaab79f791fedaf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/29d1e06560f0f6179062ac638b4064deb637d1ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/86e6ca55b83c575ab0f2e105cf08f98e58d3d7af"
        }
      ],
      "title": "blk-cgroup: Fix UAF in blkcg_unpin_online()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56672",
    "datePublished": "2024-12-27T15:06:33.358Z",
    "dateReserved": "2024-12-27T15:00:39.845Z",
    "dateUpdated": "2025-11-03T20:52:20.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26921 (GCVE-0-2024-26921)

Vulnerability from cvelistv5 – Published: 2024-04-18 09:47 – Updated: 2025-11-03 20:36

Title

inet: inet_defrag: prevent sk release while still in use

Summary

In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be released. This affects skb fragments reassembled via netfilter or similar modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline. Eric Dumazet made an initial analysis of this bug. Quoting Eric: Calling ip_defrag() in output path is also implying skb_orphan(), which is buggy because output path relies on sk not disappearing. A relevant old patch about the issue was : 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()") [..] net/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet socket, not an arbitrary one. If we orphan the packet in ipvlan, then downstream things like FQ packet scheduler will not work properly. We need to change ip_defrag() to only use skb_orphan() when really needed, ie whenever frag_list is going to be used. Eric suggested to stash sk in fragment queue and made an initial patch. However there is a problem with this: If skb is refragmented again right after, ip_do_fragment() will copy head->sk to the new fragments, and sets up destructor to sock_wfree. IOW, we have no choice but to fix up sk_wmem accouting to reflect the fully reassembled skb, else wmem will underflow. This change moves the orphan down into the core, to last possible moment. As ip_defrag_offset is aliased with sk_buff->sk member, we must move the offset into the FRAG_CB, else skb->sk gets clobbered. This allows to delay the orphaning long enough to learn if the skb has to be queued or if the skb is completing the reasm queue. In the former case, things work as before, skb is orphaned. This is safe because skb gets queued/stolen and won't continue past reasm engine. In the latter case, we will steal the skb->sk reference, reattach it to the head skb, and fix up wmem accouting when inet_frag inflates truesize.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1b6de5e6575b56502…
	https://git.kernel.org/stable/c/9705f447bf9a6cd08…
	https://git.kernel.org/stable/c/4318608dc28ef1841…
	https://git.kernel.org/stable/c/7d0567842b78390dd…
	https://git.kernel.org/stable/c/f4877225313d47465…
	https://git.kernel.org/stable/c/e09cbe017311508c2…
	https://git.kernel.org/stable/c/18685451fc4e546fc…

Impacted products

Vendor

Product

Version

Linux

Affected: 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab , < 1b6de5e6575b56502665c65cf93b0ae6aa0f51ab (git)
Affected: 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab , < 9705f447bf9a6cd088300ad2c407b5e1c6591091 (git)
Affected: 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab , < 4318608dc28ef184158b4045896740716bea23f0 (git)
Affected: 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab , < 7d0567842b78390dd9b60f00f1d8f838d540e325 (git)
Affected: 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab , < f4877225313d474659ee53150ccc3d553a978727 (git)
Affected: 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab , < e09cbe017311508c21e0739e97198a8388b98981 (git)
Affected: 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab , < 18685451fc4e546fc0e718580d32df3c0e5c8272 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-18T19:03:24.189248Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T15:27:10.496Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:36:57.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d0567842b78390dd9b60f00f1d8f838d540e325"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4877225313d474659ee53150ccc3d553a978727"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e09cbe017311508c21e0739e97198a8388b98981"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/18685451fc4e546fc0e718580d32df3c0e5c8272"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skbuff.h",
            "net/ipv4/inet_fragment.c",
            "net/ipv4/ip_fragment.c",
            "net/ipv6/netfilter/nf_conntrack_reasm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1b6de5e6575b56502665c65cf93b0ae6aa0f51ab",
              "status": "affected",
              "version": "7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab",
              "versionType": "git"
            },
            {
              "lessThan": "9705f447bf9a6cd088300ad2c407b5e1c6591091",
              "status": "affected",
              "version": "7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab",
              "versionType": "git"
            },
            {
              "lessThan": "4318608dc28ef184158b4045896740716bea23f0",
              "status": "affected",
              "version": "7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab",
              "versionType": "git"
            },
            {
              "lessThan": "7d0567842b78390dd9b60f00f1d8f838d540e325",
              "status": "affected",
              "version": "7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab",
              "versionType": "git"
            },
            {
              "lessThan": "f4877225313d474659ee53150ccc3d553a978727",
              "status": "affected",
              "version": "7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab",
              "versionType": "git"
            },
            {
              "lessThan": "e09cbe017311508c21e0739e97198a8388b98981",
              "status": "affected",
              "version": "7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab",
              "versionType": "git"
            },
            {
              "lessThan": "18685451fc4e546fc0e718580d32df3c0e5c8272",
              "status": "affected",
              "version": "7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skbuff.h",
            "net/ipv4/inet_fragment.c",
            "net/ipv4/ip_fragment.c",
            "net/ipv6/netfilter/nf_conntrack_reasm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: inet_defrag: prevent sk release while still in use\n\nip_local_out() and other functions can pass skb-\u003esk as function argument.\n\nIf the skb is a fragment and reassembly happens before such function call\nreturns, the sk must not be released.\n\nThis affects skb fragments reassembled via netfilter or similar\nmodules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.\n\nEric Dumazet made an initial analysis of this bug.  Quoting Eric:\n  Calling ip_defrag() in output path is also implying skb_orphan(),\n  which is buggy because output path relies on sk not disappearing.\n\n  A relevant old patch about the issue was :\n  8282f27449bf (\"inet: frag: Always orphan skbs inside ip_defrag()\")\n\n  [..]\n\n  net/ipv4/ip_output.c depends on skb-\u003esk being set, and probably to an\n  inet socket, not an arbitrary one.\n\n  If we orphan the packet in ipvlan, then downstream things like FQ\n  packet scheduler will not work properly.\n\n  We need to change ip_defrag() to only use skb_orphan() when really\n  needed, ie whenever frag_list is going to be used.\n\nEric suggested to stash sk in fragment queue and made an initial patch.\nHowever there is a problem with this:\n\nIf skb is refragmented again right after, ip_do_fragment() will copy\nhead-\u003esk to the new fragments, and sets up destructor to sock_wfree.\nIOW, we have no choice but to fix up sk_wmem accouting to reflect the\nfully reassembled skb, else wmem will underflow.\n\nThis change moves the orphan down into the core, to last possible moment.\nAs ip_defrag_offset is aliased with sk_buff-\u003esk member, we must move the\noffset into the FRAG_CB, else skb-\u003esk gets clobbered.\n\nThis allows to delay the orphaning long enough to learn if the skb has\nto be queued or if the skb is completing the reasm queue.\n\nIn the former case, things work as before, skb is orphaned.  This is\nsafe because skb gets queued/stolen and won\u0027t continue past reasm engine.\n\nIn the latter case, we will steal the skb-\u003esk reference, reattach it to\nthe head skb, and fix up wmem accouting when inet_frag inflates truesize."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:59:45.052Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1b6de5e6575b56502665c65cf93b0ae6aa0f51ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/9705f447bf9a6cd088300ad2c407b5e1c6591091"
        },
        {
          "url": "https://git.kernel.org/stable/c/4318608dc28ef184158b4045896740716bea23f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d0567842b78390dd9b60f00f1d8f838d540e325"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4877225313d474659ee53150ccc3d553a978727"
        },
        {
          "url": "https://git.kernel.org/stable/c/e09cbe017311508c21e0739e97198a8388b98981"
        },
        {
          "url": "https://git.kernel.org/stable/c/18685451fc4e546fc0e718580d32df3c0e5c8272"
        }
      ],
      "title": "inet: inet_defrag: prevent sk release while still in use",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26921",
    "datePublished": "2024-04-18T09:47:58.632Z",
    "dateReserved": "2024-02-19T14:20:24.194Z",
    "dateUpdated": "2025-11-03T20:36:57.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53685 (GCVE-0-2024-53685)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:35 – Updated: 2025-11-03 20:48

Title

ceph: give up on paths longer than PATH_MAX

Summary

In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0f2b2d9e881c90402…
	https://git.kernel.org/stable/c/d42ad3f161a5a487f…
	https://git.kernel.org/stable/c/e4b168c64da06954b…
	https://git.kernel.org/stable/c/c47ed91156daf3286…
	https://git.kernel.org/stable/c/99a37ab76a315c830…
	https://git.kernel.org/stable/c/550f7ca98ee028a60…

Impacted products

Vendor

Product

Version

Linux

Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < 0f2b2d9e881c90402dbe28f9ba831775b7992e1f (git)
Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < d42ad3f161a5a487f81915c406f46943c7187a0a (git)
Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < e4b168c64da06954be5d520f6c16469b1cadc069 (git)
Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < c47ed91156daf328601d02b58d52d9804da54108 (git)
Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < 99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa (git)
Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < 550f7ca98ee028a606aa75705a7e77b1bd11720f (git)

Linux

Affected: 2.6.34
Unaffected: 0 , < 2.6.34 (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.7 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:20.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/mds_client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f2b2d9e881c90402dbe28f9ba831775b7992e1f",
              "status": "affected",
              "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
              "versionType": "git"
            },
            {
              "lessThan": "d42ad3f161a5a487f81915c406f46943c7187a0a",
              "status": "affected",
              "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
              "versionType": "git"
            },
            {
              "lessThan": "e4b168c64da06954be5d520f6c16469b1cadc069",
              "status": "affected",
              "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
              "versionType": "git"
            },
            {
              "lessThan": "c47ed91156daf328601d02b58d52d9804da54108",
              "status": "affected",
              "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
              "versionType": "git"
            },
            {
              "lessThan": "99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa",
              "status": "affected",
              "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
              "versionType": "git"
            },
            {
              "lessThan": "550f7ca98ee028a606aa75705a7e77b1bd11720f",
              "status": "affected",
              "version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/mds_client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.34"
            },
            {
              "lessThan": "2.6.34",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: give up on paths longer than PATH_MAX\n\nIf the full path to be built by ceph_mdsc_build_path() happens to be\nlonger than PATH_MAX, then this function will enter an endless (retry)\nloop, effectively blocking the whole task.  Most of the machine\nbecomes unusable, making this a very simple and effective DoS\nvulnerability.\n\nI cannot imagine why this retry was ever implemented, but it seems\nrather useless and harmful to me.  Let\u0027s remove it and fail with\nENAMETOOLONG instead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:56:54.870Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f2b2d9e881c90402dbe28f9ba831775b7992e1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/d42ad3f161a5a487f81915c406f46943c7187a0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4b168c64da06954be5d520f6c16469b1cadc069"
        },
        {
          "url": "https://git.kernel.org/stable/c/c47ed91156daf328601d02b58d52d9804da54108"
        },
        {
          "url": "https://git.kernel.org/stable/c/99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa"
        },
        {
          "url": "https://git.kernel.org/stable/c/550f7ca98ee028a606aa75705a7e77b1bd11720f"
        }
      ],
      "title": "ceph: give up on paths longer than PATH_MAX",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53685",
    "datePublished": "2025-01-11T12:35:40.252Z",
    "dateReserved": "2025-01-11T12:34:02.558Z",
    "dateUpdated": "2025-11-03T20:48:20.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56600 (GCVE-0-2024-56600)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:50

Title

net: inet6: do not leave a dangling sk pointer in inet6_create()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f2709d1271cfdf55c…
	https://git.kernel.org/stable/c/35360255ca30776de…
	https://git.kernel.org/stable/c/276a473c956fb55a6…
	https://git.kernel.org/stable/c/79e16a0d339532ea8…
	https://git.kernel.org/stable/c/706b07b7b37f88642…
	https://git.kernel.org/stable/c/f44fceb71d72d29fb…
	https://git.kernel.org/stable/c/9df99c395d0f55fb4…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f2709d1271cfdf55c670ab5c5982139ab627ddc7 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 35360255ca30776dee34d9fa764cffa24d0a5f65 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 276a473c956fb55a6f3affa9ff232e10fffa7b43 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 79e16a0d339532ea832d85798eb036fc4f9e0cea (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 706b07b7b37f886423846cb38919132090bc40da (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f44fceb71d72d29fb00e0ac84cdf9c081b03cd06 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9df99c395d0f55fb444ef39f4d6f194ca437d884 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:42:30.859070Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:24.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:38.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/af_inet6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f2709d1271cfdf55c670ab5c5982139ab627ddc7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "35360255ca30776dee34d9fa764cffa24d0a5f65",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "276a473c956fb55a6f3affa9ff232e10fffa7b43",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "79e16a0d339532ea832d85798eb036fc4f9e0cea",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "706b07b7b37f886423846cb38919132090bc40da",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f44fceb71d72d29fb00e0ac84cdf9c081b03cd06",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9df99c395d0f55fb444ef39f4d6f194ca437d884",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/af_inet6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet6: do not leave a dangling sk pointer in inet6_create()\n\nsock_init_data() attaches the allocated sk pointer to the provided sock\nobject. If inet6_create() fails later, the sk object is released, but the\nsock object retains the dangling sk pointer, which may cause use-after-free\nlater.\n\nClear the sock sk pointer on error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:13:41.087Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65"
        },
        {
          "url": "https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43"
        },
        {
          "url": "https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea"
        },
        {
          "url": "https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da"
        },
        {
          "url": "https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06"
        },
        {
          "url": "https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884"
        }
      ],
      "title": "net: inet6: do not leave a dangling sk pointer in inet6_create()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56600",
    "datePublished": "2024-12-27T14:51:06.610Z",
    "dateReserved": "2024-12-27T14:03:06.011Z",
    "dateUpdated": "2025-11-03T20:50:38.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57884 (GCVE-0-2024-57884)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:05 – Updated: 2025-11-03 20:54

Title

mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()

Summary

In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68 #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660 #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98 #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8 #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974 #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4 At this point, the pgdat contains the following two zones: NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: "DMA32" SIZE: 20480 MIN/LOW/HIGH: 11/28/45 VM_STAT: NR_FREE_PAGES: 359 NR_ZONE_INACTIVE_ANON: 18813 NR_ZONE_ACTIVE_ANON: 0 NR_ZONE_INACTIVE_FILE: 50 NR_ZONE_ACTIVE_FILE: 0 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: "Normal" SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264 VM_STAT: NR_FREE_PAGES: 146 NR_ZONE_INACTIVE_ANON: 94668 NR_ZONE_ACTIVE_ANON: 3 NR_ZONE_INACTIVE_FILE: 735 NR_ZONE_ACTIVE_FILE: 78 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 In allow_direct_reclaim(), while processing ZONE_DMA32, the sum of inactive/active file-backed pages calculated in zone_reclaimable_pages() based on the result of zone_page_state_snapshot() is zero. Additionally, since this system lacks swap, the calculation of inactive/ active anonymous pages is skipped. crash> p nr_swap_pages nr_swap_pages = $1937 = { counter = 0 } As a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to the processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having free pages significantly exceeding the high watermark. The problem is that the pgdat->kswapd_failures hasn't been incremented. crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures $1935 = 0x0 This is because the node deemed balanced. The node balancing logic in balance_pgdat() evaluates all zones collectively. If one or more zones (e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the entire node is deemed balanced. This causes balance_pgdat() to exit early before incrementing the kswapd_failures, as it considers the overall memory state acceptable, even though some zones (like ZONE_NORMAL) remain under significant pressure. The patch ensures that zone_reclaimable_pages() includes free pages (NR_FREE_PAGES) in its calculation when no other reclaimable pages are available (e.g., file-backed or anonymous pages). This change prevents zones like ZONE_DMA32, which have sufficient free pages, from being mistakenly deemed unreclaimable. By doing so, the patch ensures proper node balancing, avoids masking pressure on other zones like ZONE_NORMAL, and prevents infinite loops in throttle_direct_reclaim() caused by allow_direct_reclaim(pgdat) repeatedly returning false. The kernel hangs due to a task stuck in throttle_direct_reclaim(), caused by a node being incorrectly deemed balanced despite pressure in certain zones, such as ZONE_NORMAL. This issue arises from zone_reclaimable_pages ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/66cd37660ec34ec44…
	https://git.kernel.org/stable/c/d675fefbaec3815b3…
	https://git.kernel.org/stable/c/63eac98d6f0898229…
	https://git.kernel.org/stable/c/bfb70119212980319…
	https://git.kernel.org/stable/c/1ff2302e8aeac7f2e…
	https://git.kernel.org/stable/c/58d0d02dbc67438fc…
	https://git.kernel.org/stable/c/6aaced5abd32e2a57…

Impacted products

Vendor

Product

Version

Linux

Affected: 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 , < 66cd37660ec34ec444fe42f2277330ae4a36bb19 (git)
Affected: 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 , < d675fefbaec3815b3ae0af1bebd97f27df3a05c8 (git)
Affected: 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 , < 63eac98d6f0898229f515cb62fe4e4db2430e99c (git)
Affected: 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 , < bfb701192129803191c9cd6cdd1f82cd07f8de2c (git)
Affected: 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 , < 1ff2302e8aeac7f2eedb551d7a89617283b5c6b2 (git)
Affected: 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 , < 58d0d02dbc67438fc80223fdd7bbc49cf0733284 (git)
Affected: 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 , < 6aaced5abd32e2a57cd94fd64f824514d0361da8 (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:54.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/vmscan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "66cd37660ec34ec444fe42f2277330ae4a36bb19",
              "status": "affected",
              "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3",
              "versionType": "git"
            },
            {
              "lessThan": "d675fefbaec3815b3ae0af1bebd97f27df3a05c8",
              "status": "affected",
              "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3",
              "versionType": "git"
            },
            {
              "lessThan": "63eac98d6f0898229f515cb62fe4e4db2430e99c",
              "status": "affected",
              "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3",
              "versionType": "git"
            },
            {
              "lessThan": "bfb701192129803191c9cd6cdd1f82cd07f8de2c",
              "status": "affected",
              "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3",
              "versionType": "git"
            },
            {
              "lessThan": "1ff2302e8aeac7f2eedb551d7a89617283b5c6b2",
              "status": "affected",
              "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3",
              "versionType": "git"
            },
            {
              "lessThan": "58d0d02dbc67438fc80223fdd7bbc49cf0733284",
              "status": "affected",
              "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3",
              "versionType": "git"
            },
            {
              "lessThan": "6aaced5abd32e2a57cd94fd64f824514d0361da8",
              "status": "affected",
              "version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/vmscan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false.  \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n        NODE: 4  ZONE: 0  ADDR: ffff00817fffe540  NAME: \"DMA32\"\n          SIZE: 20480  MIN/LOW/HIGH: 11/28/45\n          VM_STAT:\n                NR_FREE_PAGES: 359\n        NR_ZONE_INACTIVE_ANON: 18813\n          NR_ZONE_ACTIVE_ANON: 0\n        NR_ZONE_INACTIVE_FILE: 50\n          NR_ZONE_ACTIVE_FILE: 0\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\n        NODE: 4  ZONE: 1  ADDR: ffff00817fffec00  NAME: \"Normal\"\n          SIZE: 8454144  PRESENT: 98304  MIN/LOW/HIGH: 68/166/264\n          VM_STAT:\n                NR_FREE_PAGES: 146\n        NR_ZONE_INACTIVE_ANON: 94668\n          NR_ZONE_ACTIVE_ANON: 3\n        NR_ZONE_INACTIVE_FILE: 735\n          NR_ZONE_ACTIVE_FILE: 78\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero.  \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n        crash\u003e p nr_swap_pages\n        nr_swap_pages = $1937 = {\n          counter = 0\n        }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat-\u003ekswapd_failures hasn\u0027t been incremented.\n\n        crash\u003e px ((struct pglist_data *) 0xffff00817fffe540)-\u003ekswapd_failures\n        $1935 = 0x0\n\nThis is because the node deemed balanced.  The node balancing logic in\nbalance_pgdat() evaluates all zones collectively.  If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced.  This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages).  This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable.  By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL.  This issue arises from\nzone_reclaimable_pages\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:05:50.618Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19"
        },
        {
          "url": "https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284"
        },
        {
          "url": "https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8"
        }
      ],
      "title": "mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57884",
    "datePublished": "2025-01-15T13:05:37.152Z",
    "dateReserved": "2025-01-11T14:45:42.024Z",
    "dateUpdated": "2025-11-03T20:54:54.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57874 (GCVE-0-2024-57874)

Vulnerability from cvelistv5 – Published: 2025-01-11 14:47 – Updated: 2025-11-03 20:54

Title

arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

Summary

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. As set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and rejects other values, a partial SETREGSET attempt will randomly succeed or fail depending on the value of the uninitialized value, and the exposure is significantly limited. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing value of the tagged address ctrl will be retained. The NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the user_aarch64_view used by a native AArch64 task to manipulate another native AArch64 task. As get_tagged_addr_ctrl() only returns an error value when called for a compat task, tagged_addr_ctrl_get() and tagged_addr_ctrl_set() should never observe an error value from get_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that such an error would be unexpected, and error handlnig is not missing in either case.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1152dd13845efde55…
	https://git.kernel.org/stable/c/1c176f5155ee6161f…
	https://git.kernel.org/stable/c/1370cf3eb5495d70e…
	https://git.kernel.org/stable/c/96035c0093db25897…
	https://git.kernel.org/stable/c/abd614bbfcee73247…
	https://git.kernel.org/stable/c/ca62d90085f4af36d…

Impacted products

Vendor

Product

Version

Linux

Affected: 2200aa7154cb7ef76bac93e98326883ba64bfa2e , < 1152dd13845efde5554f80c7e1233bae1d26bd3e (git)
Affected: 2200aa7154cb7ef76bac93e98326883ba64bfa2e , < 1c176f5155ee6161fee6f416b64aa50394d3f220 (git)
Affected: 2200aa7154cb7ef76bac93e98326883ba64bfa2e , < 1370cf3eb5495d70e00547598583a4cd45b40b99 (git)
Affected: 2200aa7154cb7ef76bac93e98326883ba64bfa2e , < 96035c0093db258975b8887676afe59a64c34a72 (git)
Affected: 2200aa7154cb7ef76bac93e98326883ba64bfa2e , < abd614bbfcee73247495bd9472da8f85ac83546e (git)
Affected: 2200aa7154cb7ef76bac93e98326883ba64bfa2e , < ca62d90085f4af36de745883faab9f8a7cbb45d3 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:54:58.776587Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:19.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:48.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kernel/ptrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1152dd13845efde5554f80c7e1233bae1d26bd3e",
              "status": "affected",
              "version": "2200aa7154cb7ef76bac93e98326883ba64bfa2e",
              "versionType": "git"
            },
            {
              "lessThan": "1c176f5155ee6161fee6f416b64aa50394d3f220",
              "status": "affected",
              "version": "2200aa7154cb7ef76bac93e98326883ba64bfa2e",
              "versionType": "git"
            },
            {
              "lessThan": "1370cf3eb5495d70e00547598583a4cd45b40b99",
              "status": "affected",
              "version": "2200aa7154cb7ef76bac93e98326883ba64bfa2e",
              "versionType": "git"
            },
            {
              "lessThan": "96035c0093db258975b8887676afe59a64c34a72",
              "status": "affected",
              "version": "2200aa7154cb7ef76bac93e98326883ba64bfa2e",
              "versionType": "git"
            },
            {
              "lessThan": "abd614bbfcee73247495bd9472da8f85ac83546e",
              "status": "affected",
              "version": "2200aa7154cb7ef76bac93e98326883ba64bfa2e",
              "versionType": "git"
            },
            {
              "lessThan": "ca62d90085f4af36de745883faab9f8a7cbb45d3",
              "status": "affected",
              "version": "2200aa7154cb7ef76bac93e98326883ba64bfa2e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kernel/ptrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL\n\nCurrently tagged_addr_ctrl_set() doesn\u0027t initialize the temporary \u0027ctrl\u0027\nvariable, and a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently tagged_addr_ctrl_set() will consume an\narbitrary value, potentially leaking up to 64 bits of memory from the\nkernel stack. The read is limited to a specific slot on the stack, and\nthe issue does not provide a write mechanism.\n\nAs set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and\nrejects other values, a partial SETREGSET attempt will randomly succeed\nor fail depending on the value of the uninitialized value, and the\nexposure is significantly limited.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing\nvalue of the tagged address ctrl will be retained.\n\nThe NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the\nuser_aarch64_view used by a native AArch64 task to manipulate another\nnative AArch64 task. As get_tagged_addr_ctrl() only returns an error\nvalue when called for a compat task, tagged_addr_ctrl_get() and\ntagged_addr_ctrl_set() should never observe an error value from\nget_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that\nsuch an error would be unexpected, and error handlnig is not missing in\neither case."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:05:35.803Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1152dd13845efde5554f80c7e1233bae1d26bd3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c176f5155ee6161fee6f416b64aa50394d3f220"
        },
        {
          "url": "https://git.kernel.org/stable/c/1370cf3eb5495d70e00547598583a4cd45b40b99"
        },
        {
          "url": "https://git.kernel.org/stable/c/96035c0093db258975b8887676afe59a64c34a72"
        },
        {
          "url": "https://git.kernel.org/stable/c/abd614bbfcee73247495bd9472da8f85ac83546e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca62d90085f4af36de745883faab9f8a7cbb45d3"
        }
      ],
      "title": "arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57874",
    "datePublished": "2025-01-11T14:47:10.665Z",
    "dateReserved": "2025-01-11T14:45:42.022Z",
    "dateUpdated": "2025-11-03T20:54:48.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-50275 (GCVE-0-2024-50275)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 20:44

Title

arm64/sve: Discard stale CPU state when handling SVE traps

Summary

In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/51d3d80a6dc314982…
	https://git.kernel.org/stable/c/de529504b3274d57c…
	https://git.kernel.org/stable/c/51d11ea0250d6ee46…
	https://git.kernel.org/stable/c/fa9ce027b3ce37a2b…
	https://git.kernel.org/stable/c/751ecf6afd6568adc…

Impacted products

Vendor

Product

Version

Linux

Affected: cccb78ce89c45a4414db712be4986edfb92434bd , < 51d3d80a6dc314982a9a0aeb0961085922a1aa15 (git)
Affected: cccb78ce89c45a4414db712be4986edfb92434bd , < de529504b3274d57caf8f66800b714b0d3ee235a (git)
Affected: cccb78ce89c45a4414db712be4986edfb92434bd , < 51d11ea0250d6ee461987403bbfd4b2abb5613a7 (git)
Affected: cccb78ce89c45a4414db712be4986edfb92434bd , < fa9ce027b3ce37a2bb173bf2553b5caa438fd8c9 (git)
Affected: cccb78ce89c45a4414db712be4986edfb92434bd , < 751ecf6afd6568adc98f2a6052315552c0483d18 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:44:51.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kernel/fpsimd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "51d3d80a6dc314982a9a0aeb0961085922a1aa15",
              "status": "affected",
              "version": "cccb78ce89c45a4414db712be4986edfb92434bd",
              "versionType": "git"
            },
            {
              "lessThan": "de529504b3274d57caf8f66800b714b0d3ee235a",
              "status": "affected",
              "version": "cccb78ce89c45a4414db712be4986edfb92434bd",
              "versionType": "git"
            },
            {
              "lessThan": "51d11ea0250d6ee461987403bbfd4b2abb5613a7",
              "status": "affected",
              "version": "cccb78ce89c45a4414db712be4986edfb92434bd",
              "versionType": "git"
            },
            {
              "lessThan": "fa9ce027b3ce37a2bb173bf2553b5caa438fd8c9",
              "status": "affected",
              "version": "cccb78ce89c45a4414db712be4986edfb92434bd",
              "versionType": "git"
            },
            {
              "lessThan": "751ecf6afd6568adc98f2a6052315552c0483d18",
              "status": "affected",
              "version": "cccb78ce89c45a4414db712be4986edfb92434bd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kernel/fpsimd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sve: Discard stale CPU state when handling SVE traps\n\nThe logic for handling SVE traps manipulates saved FPSIMD/SVE state\nincorrectly, and a race with preemption can result in a task having\nTIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state\nis stale (e.g. with SVE traps enabled). This has been observed to result\nin warnings from do_sve_acc() where SVE traps are not expected while\nTIF_SVE is set:\n\n|         if (test_and_set_thread_flag(TIF_SVE))\n|                 WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n\nWarnings of this form have been reported intermittently, e.g.\n\n  https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/\n  https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/\n\nThe race can occur when the SVE trap handler is preempted before and\nafter manipulating the saved FPSIMD/SVE state, starting and ending on\nthe same CPU, e.g.\n\n| void do_sve_acc(unsigned long esr, struct pt_regs *regs)\n| {\n|         // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled\n|         // task-\u003efpsimd_cpu is 0.\n|         // per_cpu_ptr(\u0026fpsimd_last_state, 0) is task.\n|\n|         ...\n|\n|         // Preempted; migrated from CPU 0 to CPU 1.\n|         // TIF_FOREIGN_FPSTATE is set.\n|\n|         get_cpu_fpsimd_context();\n|\n|         if (test_and_set_thread_flag(TIF_SVE))\n|                 WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n|\n|         sve_init_regs() {\n|                 if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {\n|                         ...\n|                 } else {\n|                         fpsimd_to_sve(current);\n|                         current-\u003ethread.fp_type = FP_STATE_SVE;\n|                 }\n|         }\n|\n|         put_cpu_fpsimd_context();\n|\n|         // Preempted; migrated from CPU 1 to CPU 0.\n|         // task-\u003efpsimd_cpu is still 0\n|         // If per_cpu_ptr(\u0026fpsimd_last_state, 0) is still task then:\n|         // - Stale HW state is reused (with SVE traps enabled)\n|         // - TIF_FOREIGN_FPSTATE is cleared\n|         // - A return to userspace skips HW state restore\n| }\n\nFix the case where the state is not live and TIF_FOREIGN_FPSTATE is set\nby calling fpsimd_flush_task_state() to detach from the saved CPU\nstate. This ensures that a subsequent context switch will not reuse the\nstale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the\nnew state to be reloaded from memory prior to a return to userspace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:50:31.183Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/51d3d80a6dc314982a9a0aeb0961085922a1aa15"
        },
        {
          "url": "https://git.kernel.org/stable/c/de529504b3274d57caf8f66800b714b0d3ee235a"
        },
        {
          "url": "https://git.kernel.org/stable/c/51d11ea0250d6ee461987403bbfd4b2abb5613a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa9ce027b3ce37a2bb173bf2553b5caa438fd8c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/751ecf6afd6568adc98f2a6052315552c0483d18"
        }
      ],
      "title": "arm64/sve: Discard stale CPU state when handling SVE traps",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50275",
    "datePublished": "2024-11-19T01:30:15.293Z",
    "dateReserved": "2024-10-21T19:36:19.983Z",
    "dateUpdated": "2025-11-03T20:44:51.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56688 (GCVE-0-2024-56688)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

Summary

In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cc91d59d34ff6a6fe…
	https://git.kernel.org/stable/c/86a1f9fa24804cd7f…
	https://git.kernel.org/stable/c/fe6cbf0b2ac3cf4e2…
	https://git.kernel.org/stable/c/87a95ee34a48dfad1…
	https://git.kernel.org/stable/c/3811172e8c98ceebd…
	https://git.kernel.org/stable/c/638a8fa5a7e641f94…
	https://git.kernel.org/stable/c/66d11ca91bf5100ae…
	https://git.kernel.org/stable/c/4db9ad82a6c823094…

Impacted products

Vendor

Product

Version

Linux

Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < cc91d59d34ff6a6fee1c0b48612081a451e05e9a (git)
Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < 86a1f9fa24804cd7f9d7dd3f24af84fc7f8ec02e (git)
Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < fe6cbf0b2ac3cf4e21824a44eaa336564ed5e960 (git)
Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < 87a95ee34a48dfad198a2002e4966e1d63d53f2b (git)
Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < 3811172e8c98ceebd12fe526ca6cb37a1263c964 (git)
Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < 638a8fa5a7e641f9401346c57e236f02379a0c40 (git)
Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < 66d11ca91bf5100ae2e6b5efad97e58d8448843a (git)
Affected: 7196dbb02ea05835b9ee56910ee82cb55422c7f1 , < 4db9ad82a6c823094da27de4825af693a3475d51 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56688",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:59:15.259954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:08.414Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:34.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sunrpc/xprtsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc91d59d34ff6a6fee1c0b48612081a451e05e9a",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            },
            {
              "lessThan": "86a1f9fa24804cd7f9d7dd3f24af84fc7f8ec02e",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            },
            {
              "lessThan": "fe6cbf0b2ac3cf4e21824a44eaa336564ed5e960",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            },
            {
              "lessThan": "87a95ee34a48dfad198a2002e4966e1d63d53f2b",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            },
            {
              "lessThan": "3811172e8c98ceebd12fe526ca6cb37a1263c964",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            },
            {
              "lessThan": "638a8fa5a7e641f9401346c57e236f02379a0c40",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            },
            {
              "lessThan": "66d11ca91bf5100ae2e6b5efad97e58d8448843a",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            },
            {
              "lessThan": "4db9ad82a6c823094da27de4825af693a3475d51",
              "status": "affected",
              "version": "7196dbb02ea05835b9ee56910ee82cb55422c7f1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sunrpc/xprtsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport-\u003esock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport-\u003esock that has been set to NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:22.739Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc91d59d34ff6a6fee1c0b48612081a451e05e9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/86a1f9fa24804cd7f9d7dd3f24af84fc7f8ec02e"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe6cbf0b2ac3cf4e21824a44eaa336564ed5e960"
        },
        {
          "url": "https://git.kernel.org/stable/c/87a95ee34a48dfad198a2002e4966e1d63d53f2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3811172e8c98ceebd12fe526ca6cb37a1263c964"
        },
        {
          "url": "https://git.kernel.org/stable/c/638a8fa5a7e641f9401346c57e236f02379a0c40"
        },
        {
          "url": "https://git.kernel.org/stable/c/66d11ca91bf5100ae2e6b5efad97e58d8448843a"
        },
        {
          "url": "https://git.kernel.org/stable/c/4db9ad82a6c823094da27de4825af693a3475d51"
        }
      ],
      "title": "sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56688",
    "datePublished": "2024-12-28T09:46:14.905Z",
    "dateReserved": "2024-12-27T15:00:39.847Z",
    "dateUpdated": "2025-11-03T20:52:34.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56780 (GCVE-0-2024-56780)

Vulnerability from cvelistv5 – Published: 2025-01-08 17:49 – Updated: 2025-11-03 20:54

Title

quota: flush quota_release_work upon quota writeback

Summary

In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots() Since we currently don't always flush the quota_release_work queue in this path, we can end up with the following race: 1. dquot are added to releasing_dquots list during regular operations. 2. FS Freeze starts, however, this does not flush the quota_release_work queue. 3. Freeze completes. 4. Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state: ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0 Which is the following line: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); Which ultimately results in generic/390 failing due to dmesg noise. This was detected on powerpc machine 15 cores. To avoid this, make sure to flush the workqueue during dquot_writeback_dquots() so we dont have any pending workitems after freeze.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a5abba5e0e586e258…
	https://git.kernel.org/stable/c/6f3821acd7c314314…
	https://git.kernel.org/stable/c/ab6cfcf8ed2c7496f…
	https://git.kernel.org/stable/c/3e6ff207cd5bd924a…
	https://git.kernel.org/stable/c/bcacb52a985f1b6d2…
	https://git.kernel.org/stable/c/8ea87e34792258825…
	https://git.kernel.org/stable/c/ac6f420291b3fee11…

Impacted products

Vendor

Product

Version

Linux

Affected: d40c192e119892799dd4ddf94f5cea6fa93775ef , < a5abba5e0e586e258ded3e798fe5f69c66fec198 (git)
Affected: 86d89987f0998c98f57d641e308b40452a994045 , < 6f3821acd7c3143145999248087de5fb4b48cf26 (git)
Affected: 89602de9a2d7080b7a4029d5c1bf8f78d295ff5f , < ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb (git)
Affected: 3027e200dd58d5b437f16634dbbd355b29ffe0a6 , < 3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb (git)
Affected: dabc8b20756601b9e1cc85a81d47d3f98ed4d13a , < bcacb52a985f1b6d280f698a470b873dfe52728a (git)
Affected: dabc8b20756601b9e1cc85a81d47d3f98ed4d13a , < 8ea87e34792258825d290f4dc5216276e91cb224 (git)
Affected: dabc8b20756601b9e1cc85a81d47d3f98ed4d13a , < ac6f420291b3fee1113f21d612fa88b628afab5b (git)
Affected: f3e9a2bbdeb8987508dd6bb2b701dea911d4daec (git)
Affected: 903fc5d8cb48b0d2de7095ef40e39fd32bb27bd0 (git)
Affected: 31bed65eecbc5ce57592cfe31947eaa64e3d678e (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:56:25.354258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:23.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:54:19.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/quota/dquot.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a5abba5e0e586e258ded3e798fe5f69c66fec198",
              "status": "affected",
              "version": "d40c192e119892799dd4ddf94f5cea6fa93775ef",
              "versionType": "git"
            },
            {
              "lessThan": "6f3821acd7c3143145999248087de5fb4b48cf26",
              "status": "affected",
              "version": "86d89987f0998c98f57d641e308b40452a994045",
              "versionType": "git"
            },
            {
              "lessThan": "ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb",
              "status": "affected",
              "version": "89602de9a2d7080b7a4029d5c1bf8f78d295ff5f",
              "versionType": "git"
            },
            {
              "lessThan": "3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb",
              "status": "affected",
              "version": "3027e200dd58d5b437f16634dbbd355b29ffe0a6",
              "versionType": "git"
            },
            {
              "lessThan": "bcacb52a985f1b6d280f698a470b873dfe52728a",
              "status": "affected",
              "version": "dabc8b20756601b9e1cc85a81d47d3f98ed4d13a",
              "versionType": "git"
            },
            {
              "lessThan": "8ea87e34792258825d290f4dc5216276e91cb224",
              "status": "affected",
              "version": "dabc8b20756601b9e1cc85a81d47d3f98ed4d13a",
              "versionType": "git"
            },
            {
              "lessThan": "ac6f420291b3fee1113f21d612fa88b628afab5b",
              "status": "affected",
              "version": "dabc8b20756601b9e1cc85a81d47d3f98ed4d13a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f3e9a2bbdeb8987508dd6bb2b701dea911d4daec",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "903fc5d8cb48b0d2de7095ef40e39fd32bb27bd0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "31bed65eecbc5ce57592cfe31947eaa64e3d678e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/quota/dquot.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.4.257",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10.195",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15.132",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "6.1.53",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.295",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nquota: flush quota_release_work upon quota writeback\n\nOne of the paths quota writeback is called from is:\n\nfreeze_super()\n  sync_filesystem()\n    ext4_sync_fs()\n      dquot_writeback_dquots()\n\nSince we currently don\u0027t always flush the quota_release_work queue in\nthis path, we can end up with the following race:\n\n 1. dquot are added to releasing_dquots list during regular operations.\n 2. FS Freeze starts, however, this does not flush the quota_release_work queue.\n 3. Freeze completes.\n 4. Kernel eventually tries to flush the workqueue while FS is frozen which\n    hits a WARN_ON since transaction gets started during frozen state:\n\n  ext4_journal_check_start+0x28/0x110 [ext4] (unreliable)\n  __ext4_journal_start_sb+0x64/0x1c0 [ext4]\n  ext4_release_dquot+0x90/0x1d0 [ext4]\n  quota_release_workfn+0x43c/0x4d0\n\nWhich is the following line:\n\n  WARN_ON(sb-\u003es_writers.frozen == SB_FREEZE_COMPLETE);\n\nWhich ultimately results in generic/390 failing due to dmesg\nnoise. This was detected on powerpc machine 15 cores.\n\nTo avoid this, make sure to flush the workqueue during\ndquot_writeback_dquots() so we dont have any pending workitems after\nfreeze."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:23.140Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a5abba5e0e586e258ded3e798fe5f69c66fec198"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f3821acd7c3143145999248087de5fb4b48cf26"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcacb52a985f1b6d280f698a470b873dfe52728a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ea87e34792258825d290f4dc5216276e91cb224"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac6f420291b3fee1113f21d612fa88b628afab5b"
        }
      ],
      "title": "quota: flush quota_release_work upon quota writeback",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56780",
    "datePublished": "2025-01-08T17:49:17.889Z",
    "dateReserved": "2024-12-29T11:26:39.768Z",
    "dateUpdated": "2025-11-03T20:54:19.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57901 (GCVE-0-2024-57901)

Vulnerability from cvelistv5 – Published: 2025-01-15 13:05 – Updated: 2025-11-03 20:55

Title

af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK

Summary

In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5892 Comm: syz-executor883 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0b 8d 48 c7 c6 86 d5 25 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 5a 69 79 f7 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc900038d7638 EFLAGS: 00010282 RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 609ffd18ea660600 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88802483c8d0 R08: ffffffff817f0a8c R09: 1ffff9200071ae60 R10: dffffc0000000000 R11: fffff5200071ae61 R12: 0000000000000140 R13: ffff88807fc8e400 R14: ffff88807fc8e3f4 R15: 0000000000000011 FS: 00007fbac5e006c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbac5e00d58 CR3: 000000001238e000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_protocol_dgram+0x165/0x290 net/packet/af_packet.c:585 packet_recvmsg+0x948/0x1ef0 net/packet/af_packet.c:3552 sock_recvmsg_nosec net/socket.c:1033 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1055 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2803 ___sys_recvmsg net/socket.c:2845 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2940 __sys_recvmmsg net/socket.c:3014 [inline] __do_sys_recvmmsg net/socket.c:3037 [inline] __se_sys_recvmmsg net/socket.c:3030 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3030 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/560cbdd26b510626f…
	https://git.kernel.org/stable/c/0d3fa6c3c9ca7aa25…
	https://git.kernel.org/stable/c/de4f8d477c67ec1d7…
	https://git.kernel.org/stable/c/5d336714db324bef8…
	https://git.kernel.org/stable/c/a693b87692b4d7c50…
	https://git.kernel.org/stable/c/cd8488fdc7116f6da…
	https://git.kernel.org/stable/c/f91a5b8089389eb40…

Impacted products

Vendor

Product

Version

Linux

Affected: c77064e76c768fb101ea5ff92dc771142fc9d8fd , < 560cbdd26b510626f3f4f27d34c44dfd3dd3499d (git)
Affected: 83e2dfadcb6258fe3111c8a8ec9cf34465e55e64 , < 0d3fa6c3c9ca7aa255696150f5b759ac4a4974e1 (git)
Affected: d0a1f9aa70f0d8a05b6320e8a3f3b83adab8dac3 , < de4f8d477c67ec1d7c28f3486c3e47d147d90a01 (git)
Affected: 5839f59ff1dd4e35b9e767927931a039484839e1 , < 5d336714db324bef84490c75dcc48b387ef0346e (git)
Affected: 5a041d25b67042cbe06a0fb292ee22fd1147e65c , < a693b87692b4d7c50f4fc08a996678d60534a9da (git)
Affected: 79eecf631c14e7f4057186570ac20e2cfac3802e , < cd8488fdc7116f6da277515647b167859d4f72b1 (git)
Affected: 79eecf631c14e7f4057186570ac20e2cfac3802e , < f91a5b8089389eb408501af2762f168c3aaa7b79 (git)
Affected: 3dfd84aa72fa7329ed4a257c8f40e0c9aff4dc8f (git)
Affected: 66f23a7b5174b5d3e7111fd2d0d5a4f3faaa12e5 (git)

Linux

Affected: 6.11
Unaffected: 0 , < 6.11 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.124 , ≤ 6.1.* (semver)
Unaffected: 6.6.70 , ≤ 6.6.* (semver)
Unaffected: 6.12.9 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57901",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:54:36.657172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:19.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:19.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/if_vlan.h",
            "net/packet/af_packet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "560cbdd26b510626f3f4f27d34c44dfd3dd3499d",
              "status": "affected",
              "version": "c77064e76c768fb101ea5ff92dc771142fc9d8fd",
              "versionType": "git"
            },
            {
              "lessThan": "0d3fa6c3c9ca7aa255696150f5b759ac4a4974e1",
              "status": "affected",
              "version": "83e2dfadcb6258fe3111c8a8ec9cf34465e55e64",
              "versionType": "git"
            },
            {
              "lessThan": "de4f8d477c67ec1d7c28f3486c3e47d147d90a01",
              "status": "affected",
              "version": "d0a1f9aa70f0d8a05b6320e8a3f3b83adab8dac3",
              "versionType": "git"
            },
            {
              "lessThan": "5d336714db324bef84490c75dcc48b387ef0346e",
              "status": "affected",
              "version": "5839f59ff1dd4e35b9e767927931a039484839e1",
              "versionType": "git"
            },
            {
              "lessThan": "a693b87692b4d7c50f4fc08a996678d60534a9da",
              "status": "affected",
              "version": "5a041d25b67042cbe06a0fb292ee22fd1147e65c",
              "versionType": "git"
            },
            {
              "lessThan": "cd8488fdc7116f6da277515647b167859d4f72b1",
              "status": "affected",
              "version": "79eecf631c14e7f4057186570ac20e2cfac3802e",
              "versionType": "git"
            },
            {
              "lessThan": "f91a5b8089389eb408501af2762f168c3aaa7b79",
              "status": "affected",
              "version": "79eecf631c14e7f4057186570ac20e2cfac3802e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3dfd84aa72fa7329ed4a257c8f40e0c9aff4dc8f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "66f23a7b5174b5d3e7111fd2d0d5a4f3faaa12e5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/if_vlan.h",
            "net/packet/af_packet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "5.4.282",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "5.10.224",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.15.165",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.124",
                  "versionStartIncluding": "6.1.103",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.70",
                  "versionStartIncluding": "6.6.44",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.9",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.320",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.10.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK\n\nBlamed commit forgot MSG_PEEK case, allowing a crash [1] as found\nby syzbot.\n\nRework vlan_get_protocol_dgram() to not touch skb at all,\nso that it can be used from many cpus on the same skb.\n\nAdd a const qualifier to skb argument.\n\n[1]\nskbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev:\u003cNULL\u003e\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 5892 Comm: syz-executor883 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0b 8d 48 c7 c6 86 d5 25 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 5a 69 79 f7 48 83 c4 20 90 \u003c0f\u003e 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc900038d7638 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: dffffc0000000000 RCX: 609ffd18ea660600\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88802483c8d0 R08: ffffffff817f0a8c R09: 1ffff9200071ae60\nR10: dffffc0000000000 R11: fffff5200071ae61 R12: 0000000000000140\nR13: ffff88807fc8e400 R14: ffff88807fc8e3f4 R15: 0000000000000011\nFS:  00007fbac5e006c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fbac5e00d58 CR3: 000000001238e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  skb_push+0xe5/0x100 net/core/skbuff.c:2636\n  vlan_get_protocol_dgram+0x165/0x290 net/packet/af_packet.c:585\n  packet_recvmsg+0x948/0x1ef0 net/packet/af_packet.c:3552\n  sock_recvmsg_nosec net/socket.c:1033 [inline]\n  sock_recvmsg+0x22f/0x280 net/socket.c:1055\n  ____sys_recvmsg+0x1c6/0x480 net/socket.c:2803\n  ___sys_recvmsg net/socket.c:2845 [inline]\n  do_recvmmsg+0x426/0xab0 net/socket.c:2940\n  __sys_recvmmsg net/socket.c:3014 [inline]\n  __do_sys_recvmmsg net/socket.c:3037 [inline]\n  __se_sys_recvmmsg net/socket.c:3030 [inline]\n  __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3030\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:29.648Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/560cbdd26b510626f3f4f27d34c44dfd3dd3499d"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d3fa6c3c9ca7aa255696150f5b759ac4a4974e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/de4f8d477c67ec1d7c28f3486c3e47d147d90a01"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d336714db324bef84490c75dcc48b387ef0346e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a693b87692b4d7c50f4fc08a996678d60534a9da"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd8488fdc7116f6da277515647b167859d4f72b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f91a5b8089389eb408501af2762f168c3aaa7b79"
        }
      ],
      "title": "af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57901",
    "datePublished": "2025-01-15T13:05:57.527Z",
    "dateReserved": "2025-01-11T14:45:42.030Z",
    "dateUpdated": "2025-11-03T20:55:19.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56723 (GCVE-0-2024-56723)

Vulnerability from cvelistv5 – Published: 2024-12-29 11:30 – Updated: 2025-11-03 20:53

Title

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices

Summary

In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6ea17c03edc7ed0aa…
	https://git.kernel.org/stable/c/61d590d7076b50b6e…
	https://git.kernel.org/stable/c/bb6642d4b3136359b…
	https://git.kernel.org/stable/c/7ba45b8bc62e64da5…
	https://git.kernel.org/stable/c/d4cc78bd6a25accb7…
	https://git.kernel.org/stable/c/897713c9d24f6ec39…
	https://git.kernel.org/stable/c/b3d45c19bcffb9a9a…
	https://git.kernel.org/stable/c/0350d783ab888cb1c…

Impacted products

Vendor

Product

Version

Linux

Affected: 57129044f5044dcd73c22d91491906104bd331fd , < 6ea17c03edc7ed0aabb1431eb26e2f94849af68a (git)
Affected: 57129044f5044dcd73c22d91491906104bd331fd , < 61d590d7076b50b6ebdea1f3b83bb041c01fc482 (git)
Affected: 57129044f5044dcd73c22d91491906104bd331fd , < bb6642d4b3136359b5b620049f76515876e6127e (git)
Affected: 57129044f5044dcd73c22d91491906104bd331fd , < 7ba45b8bc62e64da524d45532107ae93eb33c93c (git)
Affected: 57129044f5044dcd73c22d91491906104bd331fd , < d4cc78bd6a25accb7ae2ac9fc445d1e1deda4a62 (git)
Affected: 57129044f5044dcd73c22d91491906104bd331fd , < 897713c9d24f6ec394585abfcf259a6e5cad22c8 (git)
Affected: 57129044f5044dcd73c22d91491906104bd331fd , < b3d45c19bcffb9a9a821df759f60be39d88c19f4 (git)
Affected: 57129044f5044dcd73c22d91491906104bd331fd , < 0350d783ab888cb1cb48ced36cc28b372723f1a4 (git)

Linux

Affected: 4.13
Unaffected: 0 , < 4.13 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56723",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:58:10.024129Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:05.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:53:16.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mfd/intel_soc_pmic_bxtwc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6ea17c03edc7ed0aabb1431eb26e2f94849af68a",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            },
            {
              "lessThan": "61d590d7076b50b6ebdea1f3b83bb041c01fc482",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            },
            {
              "lessThan": "bb6642d4b3136359b5b620049f76515876e6127e",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            },
            {
              "lessThan": "7ba45b8bc62e64da524d45532107ae93eb33c93c",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            },
            {
              "lessThan": "d4cc78bd6a25accb7ae2ac9fc445d1e1deda4a62",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            },
            {
              "lessThan": "897713c9d24f6ec394585abfcf259a6e5cad22c8",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            },
            {
              "lessThan": "b3d45c19bcffb9a9a821df759f60be39d88c19f4",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            },
            {
              "lessThan": "0350d783ab888cb1cb48ced36cc28b372723f1a4",
              "status": "affected",
              "version": "57129044f5044dcd73c22d91491906104bd331fd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mfd/intel_soc_pmic_bxtwc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "lessThan": "4.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices\n\nWhile design wise the idea of converting the driver to use\nthe hierarchy of the IRQ chips is correct, the implementation\nhas (inherited) flaws. This was unveiled when platform_get_irq()\nhad started WARN() on IRQ 0 that is supposed to be a Linux\nIRQ number (also known as vIRQ).\n\nRework the driver to respect IRQ domain when creating each MFD\ndevice separately, as the domain is not the same for all of them."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:03:23.251Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6ea17c03edc7ed0aabb1431eb26e2f94849af68a"
        },
        {
          "url": "https://git.kernel.org/stable/c/61d590d7076b50b6ebdea1f3b83bb041c01fc482"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb6642d4b3136359b5b620049f76515876e6127e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ba45b8bc62e64da524d45532107ae93eb33c93c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4cc78bd6a25accb7ae2ac9fc445d1e1deda4a62"
        },
        {
          "url": "https://git.kernel.org/stable/c/897713c9d24f6ec394585abfcf259a6e5cad22c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3d45c19bcffb9a9a821df759f60be39d88c19f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/0350d783ab888cb1cb48ced36cc28b372723f1a4"
        }
      ],
      "title": "mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56723",
    "datePublished": "2024-12-29T11:30:00.812Z",
    "dateReserved": "2024-12-27T15:00:39.858Z",
    "dateUpdated": "2025-11-03T20:53:16.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21680 (GCVE-0-2025-21680)

Vulnerability from cvelistv5 – Published: 2025-01-31 11:25 – Updated: 2025-11-03 20:58

Title

pktgen: Avoid out-of-bounds access in get_imix_entries

Summary

In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24 index 20 is out of range for type 'imix_pkt [20]' CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl lib/dump_stack.c:117 __ubsan_handle_out_of_bounds lib/ubsan.c:429 get_imix_entries net/core/pktgen.c:874 pktgen_if_write net/core/pktgen.c:1063 pde_write fs/proc/inode.c:334 proc_reg_write fs/proc/inode.c:346 vfs_write fs/read_write.c:593 ksys_write fs/read_write.c:644 do_syscall_64 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130 Found by Linux Verification Center (linuxtesting.org) with SVACE. [ fp: allow to fill the array completely; minor changelog cleanup ]

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-129 - Improper Validation of Array Index

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3450092cc2d1c311c…
	https://git.kernel.org/stable/c/e5d24a7074dcd0c7e…
	https://git.kernel.org/stable/c/7cde21f52042aa2e2…
	https://git.kernel.org/stable/c/1a9b65c672ca9dc4b…
	https://git.kernel.org/stable/c/76201b5979768500b…

Impacted products

Vendor

Product

Version

Linux

Affected: 52a62f8603f97e720882c8f5aff2767ac6a11d5f , < 3450092cc2d1c311c5ea92a2486daa2a33520ea5 (git)
Affected: 52a62f8603f97e720882c8f5aff2767ac6a11d5f , < e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486 (git)
Affected: 52a62f8603f97e720882c8f5aff2767ac6a11d5f , < 7cde21f52042aa2e29a654458166b873d2ae66b3 (git)
Affected: 52a62f8603f97e720882c8f5aff2767ac6a11d5f , < 1a9b65c672ca9dc4ba52ca2fd54329db9580ce29 (git)
Affected: 52a62f8603f97e720882c8f5aff2767ac6a11d5f , < 76201b5979768500bca362871db66d77cb4c225e (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.74 , ≤ 6.6.* (semver)
Unaffected: 6.12.11 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21680",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:51:54.428740Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-129",
                "description": "CWE-129 Improper Validation of Array Index",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:11.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:57.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/pktgen.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3450092cc2d1c311c5ea92a2486daa2a33520ea5",
              "status": "affected",
              "version": "52a62f8603f97e720882c8f5aff2767ac6a11d5f",
              "versionType": "git"
            },
            {
              "lessThan": "e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486",
              "status": "affected",
              "version": "52a62f8603f97e720882c8f5aff2767ac6a11d5f",
              "versionType": "git"
            },
            {
              "lessThan": "7cde21f52042aa2e29a654458166b873d2ae66b3",
              "status": "affected",
              "version": "52a62f8603f97e720882c8f5aff2767ac6a11d5f",
              "versionType": "git"
            },
            {
              "lessThan": "1a9b65c672ca9dc4ba52ca2fd54329db9580ce29",
              "status": "affected",
              "version": "52a62f8603f97e720882c8f5aff2767ac6a11d5f",
              "versionType": "git"
            },
            {
              "lessThan": "76201b5979768500bca362871db66d77cb4c225e",
              "status": "affected",
              "version": "52a62f8603f97e720882c8f5aff2767ac6a11d5f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/pktgen.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.74",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:18:55.584Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3450092cc2d1c311c5ea92a2486daa2a33520ea5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cde21f52042aa2e29a654458166b873d2ae66b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a9b65c672ca9dc4ba52ca2fd54329db9580ce29"
        },
        {
          "url": "https://git.kernel.org/stable/c/76201b5979768500bca362871db66d77cb4c225e"
        }
      ],
      "title": "pktgen: Avoid out-of-bounds access in get_imix_entries",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21680",
    "datePublished": "2025-01-31T11:25:40.831Z",
    "dateReserved": "2024-12-29T08:45:45.738Z",
    "dateUpdated": "2025-11-03T20:58:57.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47707 (GCVE-0-2024-47707)

Vulnerability from cvelistv5 – Published: 2024-10-21 11:53 – Updated: 2025-11-03 22:21

Title

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being NULL, as spotted by syzbot: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline] RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914 Code: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06 RSP: 0018:ffffc900047374e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0 RBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c R10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18 R13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930 FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856 addrconf_notify+0x3cb/0x1020 notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93 call_netdevice_notifiers_extack net/core/dev.c:2032 [inline] call_netdevice_notifiers net/core/dev.c:2046 [inline] unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352 unregister_netdevice_many net/core/dev.c:11414 [inline] unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289 unregister_netdevice include/linux/netdevice.h:3129 [inline] __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685 tun_detach drivers/net/tun.c:701 [inline] tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510 __fput+0x24a/0x8a0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:228 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xa2f/0x27f0 kernel/exit.c:882 do_group_exit+0x207/0x2c0 kernel/exit.c:1031 __do_sys_exit_group kernel/exit.c:1042 [inline] __se_sys_exit_group kernel/exit.c:1040 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f1acc77def9 Code: Unable to access opcode bytes at 0x7f1acc77decf. RSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 RBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline] RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914 Code: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06 RSP: 0018:ffffc900047374e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0 R ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a61a174280dad99f2…
	https://git.kernel.org/stable/c/8a8b83016f0680577…
	https://git.kernel.org/stable/c/e43dd28405e6b9935…
	https://git.kernel.org/stable/c/f2bd9635543ca4153…
	https://git.kernel.org/stable/c/0ceb2f2b5c813f932…
	https://git.kernel.org/stable/c/9a0ddc73be37d19df…
	https://git.kernel.org/stable/c/08409e401622e2896…
	https://git.kernel.org/stable/c/04ccecfa959d3b9ae…

Impacted products

Vendor

Product

Version

Linux

Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < a61a174280dad99f25a7dee920310885daf2552b (git)
Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < 8a8b83016f06805775db099c8377024b6fa5b975 (git)
Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < e43dd28405e6b9935279996725ee11e6306547a5 (git)
Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < f2bd9635543ca41533b870f420872819f8331823 (git)
Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < 0ceb2f2b5c813f932d6e60d3feec5e7e713da783 (git)
Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < 9a0ddc73be37d19dff1ba08290af34e707d18e50 (git)
Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < 08409e401622e2896b4313be9f781bde8a2a6a53 (git)
Affected: e332bc67cf5e5e5b71a1aec9750d0791aac65183 , < 04ccecfa959d3b9ae7348780d8e379c6486176ac (git)
Affected: 58d772c203ee57c45620730198bc2d9ded7a1464 (git)

Linux

Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.113 , ≤ 6.1.* (semver)
Unaffected: 6.6.54 , ≤ 6.6.* (semver)
Unaffected: 6.10.13 , ≤ 6.10.* (semver)
Unaffected: 6.11.2 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T13:03:46.574363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:19.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:21:11.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a61a174280dad99f25a7dee920310885daf2552b",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "lessThan": "8a8b83016f06805775db099c8377024b6fa5b975",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "lessThan": "e43dd28405e6b9935279996725ee11e6306547a5",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "lessThan": "f2bd9635543ca41533b870f420872819f8331823",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "lessThan": "0ceb2f2b5c813f932d6e60d3feec5e7e713da783",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "lessThan": "9a0ddc73be37d19dff1ba08290af34e707d18e50",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "lessThan": "08409e401622e2896b4313be9f781bde8a2a6a53",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "lessThan": "04ccecfa959d3b9ae7348780d8e379c6486176ac",
              "status": "affected",
              "version": "e332bc67cf5e5e5b71a1aec9750d0791aac65183",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "58d772c203ee57c45620730198bc2d9ded7a1464",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.2.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()\n\nBlamed commit accidentally removed a check for rt-\u003ert6i_idev being NULL,\nas spotted by syzbot:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nRBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c\nR10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18\nR13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930\nFS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856\n addrconf_notify+0x3cb/0x1020\n  notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n  call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n  call_netdevice_notifiers net/core/dev.c:2046 [inline]\n  unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352\n  unregister_netdevice_many net/core/dev.c:11414 [inline]\n  unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289\n  unregister_netdevice include/linux/netdevice.h:3129 [inline]\n  __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685\n  tun_detach drivers/net/tun.c:701 [inline]\n  tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510\n  __fput+0x24a/0x8a0 fs/file_table.c:422\n  task_work_run+0x24f/0x310 kernel/task_work.c:228\n  exit_task_work include/linux/task_work.h:40 [inline]\n  do_exit+0xa2f/0x27f0 kernel/exit.c:882\n  do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n  __do_sys_exit_group kernel/exit.c:1042 [inline]\n  __se_sys_exit_group kernel/exit.c:1040 [inline]\n  __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n  x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f1acc77def9\nCode: Unable to access opcode bytes at 0x7f1acc77decf.\nRSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043\nRBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nR\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:58:58.435Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a61a174280dad99f25a7dee920310885daf2552b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a8b83016f06805775db099c8377024b6fa5b975"
        },
        {
          "url": "https://git.kernel.org/stable/c/e43dd28405e6b9935279996725ee11e6306547a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2bd9635543ca41533b870f420872819f8331823"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ceb2f2b5c813f932d6e60d3feec5e7e713da783"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a0ddc73be37d19dff1ba08290af34e707d18e50"
        },
        {
          "url": "https://git.kernel.org/stable/c/08409e401622e2896b4313be9f781bde8a2a6a53"
        },
        {
          "url": "https://git.kernel.org/stable/c/04ccecfa959d3b9ae7348780d8e379c6486176ac"
        }
      ],
      "title": "ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47707",
    "datePublished": "2024-10-21T11:53:41.417Z",
    "dateReserved": "2024-09-30T16:00:12.946Z",
    "dateUpdated": "2025-11-03T22:21:11.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56575 (GCVE-0-2024-56575)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:23 – Updated: 2025-11-03 20:49

Title

media: imx-jpeg: Ensure power suppliers be suspended before detach them

Summary

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach() requires the caller to ensure proper synchronization of this function with power management callbacks. otherwise the detach may led to kernel panic, like below: [ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 1457.116777] Mem abort info: [ 1457.119589] ESR = 0x0000000096000004 [ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits [ 1457.128692] SET = 0, FnV = 0 [ 1457.131764] EA = 0, S1PTW = 0 [ 1457.134920] FSC = 0x04: level 0 translation fault [ 1457.139812] Data abort info: [ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1457.148196] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1457.153256] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000 [ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000 [ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec] [ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66 [ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT) [ 1457.199236] Workqueue: pm pm_runtime_work [ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290 [ 1457.214886] lr : __rpm_callback+0x48/0x1d8 [ 1457.218968] sp : ffff80008250bc50 [ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000 [ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240 [ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008 [ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff [ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674 [ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002 [ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0 [ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000 [ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000 [ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000 [ 1457.293510] Call trace: [ 1457.295946] genpd_runtime_suspend+0x20/0x290 [ 1457.300296] __rpm_callback+0x48/0x1d8 [ 1457.304038] rpm_callback+0x6c/0x78 [ 1457.307515] rpm_suspend+0x10c/0x570 [ 1457.311077] pm_runtime_work+0xc4/0xc8 [ 1457.314813] process_one_work+0x138/0x248 [ 1457.318816] worker_thread+0x320/0x438 [ 1457.322552] kthread+0x110/0x114 [ 1457.325767] ret_from_fork+0x10/0x20

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f3c4e088ec01cae45…
	https://git.kernel.org/stable/c/12914fd765ba4f9d6…
	https://git.kernel.org/stable/c/b7a830bbc25da0f64…
	https://git.kernel.org/stable/c/2f86d104539fab918…
	https://git.kernel.org/stable/c/fd0af4cd35da0eb55…

Impacted products

Vendor

Product

Version

Linux

Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5 (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < 12914fd765ba4f9d6a9a50439e8dd2e9f91423f2 (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < b7a830bbc25da0f641e3ef2bac3b1766b2777a8b (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < 2f86d104539fab9181ea7b5721f40e7b92a8bf67 (git)
Affected: 2db16c6ed72ce644d5639b3ed15e5817442db4ba , < fd0af4cd35da0eb550ef682b71cda70a4e36f6b9 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.12.4 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56575",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:01:59.850409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:15.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:49.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "12914fd765ba4f9d6a9a50439e8dd2e9f91423f2",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "b7a830bbc25da0f641e3ef2bac3b1766b2777a8b",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "2f86d104539fab9181ea7b5721f40e7b92a8bf67",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            },
            {
              "lessThan": "fd0af4cd35da0eb550ef682b71cda70a4e36f6b9",
              "status": "affected",
              "version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.4",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Ensure power suppliers be suspended before detach them\n\nThe power suppliers are always requested to suspend asynchronously,\ndev_pm_domain_detach() requires the caller to ensure proper\nsynchronization of this function with power management callbacks.\notherwise the detach may led to kernel panic, like below:\n\n[ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040\n[ 1457.116777] Mem abort info:\n[ 1457.119589]   ESR = 0x0000000096000004\n[ 1457.123358]   EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1457.128692]   SET = 0, FnV = 0\n[ 1457.131764]   EA = 0, S1PTW = 0\n[ 1457.134920]   FSC = 0x04: level 0 translation fault\n[ 1457.139812] Data abort info:\n[ 1457.142707]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1457.148196]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1457.153256]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000\n[ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000\n[ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec]\n[ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66\n[ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 1457.199236] Workqueue: pm pm_runtime_work\n[ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290\n[ 1457.214886] lr : __rpm_callback+0x48/0x1d8\n[ 1457.218968] sp : ffff80008250bc50\n[ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000\n[ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240\n[ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008\n[ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff\n[ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674\n[ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002\n[ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0\n[ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000\n[ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000\n[ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000\n[ 1457.293510] Call trace:\n[ 1457.295946]  genpd_runtime_suspend+0x20/0x290\n[ 1457.300296]  __rpm_callback+0x48/0x1d8\n[ 1457.304038]  rpm_callback+0x6c/0x78\n[ 1457.307515]  rpm_suspend+0x10c/0x570\n[ 1457.311077]  pm_runtime_work+0xc4/0xc8\n[ 1457.314813]  process_one_work+0x138/0x248\n[ 1457.318816]  worker_thread+0x320/0x438\n[ 1457.322552]  kthread+0x110/0x114\n[ 1457.325767]  ret_from_fork+0x10/0x20"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:58:43.374Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/12914fd765ba4f9d6a9a50439e8dd2e9f91423f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7a830bbc25da0f641e3ef2bac3b1766b2777a8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f86d104539fab9181ea7b5721f40e7b92a8bf67"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd0af4cd35da0eb550ef682b71cda70a4e36f6b9"
        }
      ],
      "title": "media: imx-jpeg: Ensure power suppliers be suspended before detach them",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56575",
    "datePublished": "2024-12-27T14:23:17.925Z",
    "dateReserved": "2024-12-27T14:03:05.998Z",
    "dateUpdated": "2025-11-03T20:49:49.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57912 (GCVE-0-2024-57912)

Vulnerability from cvelistv5 – Published: 2025-01-19 11:52 – Updated: 2025-11-03 20:55

Title

iio: pressure: zpa2326: fix information leak in triggered buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9629ff1a86823269b…
	https://git.kernel.org/stable/c/d25f1fc2736702714…
	https://git.kernel.org/stable/c/64a989aa7475b8e76…
	https://git.kernel.org/stable/c/b7849f62e61242e0e…
	https://git.kernel.org/stable/c/fefb88a4da961a0b9…
	https://git.kernel.org/stable/c/979a0db76ceda8fe1…
	https://git.kernel.org/stable/c/6007d10c5262f6f71…

Impacted products

Vendor

Product

Version

Linux

Affected: 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 , < 9629ff1a86823269b12fb1ba9ca4efa945906287 (git)
Affected: 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 , < d25f1fc273670271412a52a1efbdaf5dcf274ed8 (git)
Affected: 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 , < 64a989aa7475b8e76e69b9ec86819ea293e53bab (git)
Affected: 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 , < b7849f62e61242e0e02c776e1109eb81e59c567c (git)
Affected: 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 , < fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a (git)
Affected: 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 , < 979a0db76ceda8fe1f2f85a116bfe97620ebbadf (git)
Affected: 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 , < 6007d10c5262f6f71479627c1216899ea7f09073 (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57912",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:53:23.510909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:15.627Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:55:45.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/pressure/zpa2326.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9629ff1a86823269b12fb1ba9ca4efa945906287",
              "status": "affected",
              "version": "03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1",
              "versionType": "git"
            },
            {
              "lessThan": "d25f1fc273670271412a52a1efbdaf5dcf274ed8",
              "status": "affected",
              "version": "03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1",
              "versionType": "git"
            },
            {
              "lessThan": "64a989aa7475b8e76e69b9ec86819ea293e53bab",
              "status": "affected",
              "version": "03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1",
              "versionType": "git"
            },
            {
              "lessThan": "b7849f62e61242e0e02c776e1109eb81e59c567c",
              "status": "affected",
              "version": "03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1",
              "versionType": "git"
            },
            {
              "lessThan": "fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a",
              "status": "affected",
              "version": "03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1",
              "versionType": "git"
            },
            {
              "lessThan": "979a0db76ceda8fe1f2f85a116bfe97620ebbadf",
              "status": "affected",
              "version": "03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1",
              "versionType": "git"
            },
            {
              "lessThan": "6007d10c5262f6f71479627c1216899ea7f09073",
              "status": "affected",
              "version": "03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/pressure/zpa2326.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: pressure: zpa2326: fix information leak in triggered buffer\n\nThe \u0027sample\u0027 local struct is used to push data to user space from a\ntriggered buffer, but it has a hole between the temperature and the\ntimestamp (u32 pressure, u16 temperature, GAP, u64 timestamp).\nThis hole is never initialized.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:06:30.441Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287"
        },
        {
          "url": "https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8"
        },
        {
          "url": "https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c"
        },
        {
          "url": "https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf"
        },
        {
          "url": "https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073"
        }
      ],
      "title": "iio: pressure: zpa2326: fix information leak in triggered buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57912",
    "datePublished": "2025-01-19T11:52:34.490Z",
    "dateReserved": "2025-01-19T11:50:08.373Z",
    "dateUpdated": "2025-11-03T20:55:45.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53125 (GCVE-0-2024-53125)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:11 – Updated: 2025-11-03 20:46

Title

bpf: sync_linked_regs() must preserve subreg_def

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/dadf82c1b2608727b…
	https://git.kernel.org/stable/c/b57ac2d92c1f56574…
	https://git.kernel.org/stable/c/60fd3538d2a8fd44c…
	https://git.kernel.org/stable/c/bfe9446ea1d95f6cb…
	https://git.kernel.org/stable/c/e2ef0f317a52e678f…
	https://git.kernel.org/stable/c/e9bd9c498cb0f5843…

Impacted products

Vendor

Product

Version

Linux

Affected: 75748837b7e56919679e02163f45d5818c644d03 , < dadf82c1b2608727bcc306843b540cd7414055a7 (git)
Affected: 75748837b7e56919679e02163f45d5818c644d03 , < b57ac2d92c1f565743f6890a5b9cf317ed856b09 (git)
Affected: 75748837b7e56919679e02163f45d5818c644d03 , < 60fd3538d2a8fd44c41d25088c0ece3e1fd30659 (git)
Affected: 75748837b7e56919679e02163f45d5818c644d03 , < bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84 (git)
Affected: 75748837b7e56919679e02163f45d5818c644d03 , < e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0 (git)
Affected: 75748837b7e56919679e02163f45d5818c644d03 , < e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.232 , ≤ 5.10.* (semver)
Unaffected: 5.15.175 , ≤ 5.15.* (semver)
Unaffected: 6.1.121 , ≤ 6.1.* (semver)
Unaffected: 6.6.67 , ≤ 6.6.* (semver)
Unaffected: 6.11.6 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:07.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dadf82c1b2608727bcc306843b540cd7414055a7",
              "status": "affected",
              "version": "75748837b7e56919679e02163f45d5818c644d03",
              "versionType": "git"
            },
            {
              "lessThan": "b57ac2d92c1f565743f6890a5b9cf317ed856b09",
              "status": "affected",
              "version": "75748837b7e56919679e02163f45d5818c644d03",
              "versionType": "git"
            },
            {
              "lessThan": "60fd3538d2a8fd44c41d25088c0ece3e1fd30659",
              "status": "affected",
              "version": "75748837b7e56919679e02163f45d5818c644d03",
              "versionType": "git"
            },
            {
              "lessThan": "bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84",
              "status": "affected",
              "version": "75748837b7e56919679e02163f45d5818c644d03",
              "versionType": "git"
            },
            {
              "lessThan": "e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0",
              "status": "affected",
              "version": "75748837b7e56919679e02163f45d5818c644d03",
              "versionType": "git"
            },
            {
              "lessThan": "e9bd9c498cb0f5843996dbe5cbce7a1836a83c70",
              "status": "affected",
              "version": "75748837b7e56919679e02163f45d5818c644d03",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.232",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.175",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.121",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.67",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.6",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n  0: call bpf_ktime_get_ns                   call bpf_ktime_get_ns\n  1: r0 \u0026= 0x7fffffff       after verifier   r0 \u0026= 0x7fffffff\n  2: w1 = w0                rewrites         w1 = w0\n  3: if w0 \u003c 10 goto +0     --------------\u003e  r11 = 0x2f5674a6     (r)\n  4: r1 \u003e\u003e= 32                               r11 \u003c\u003c= 32           (r)\n  5: r0 = r1                                 r1 |= r11            (r)\n  6: exit;                                   if w0 \u003c 0xa goto pc+0\n                                             r1 \u003e\u003e= 32\n                                             r0 = r1\n                                             exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n  for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n  value for hi32 bits of (2) (marked (r));\n- this random value is read at (5)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:39.357Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dadf82c1b2608727bcc306843b540cd7414055a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b57ac2d92c1f565743f6890a5b9cf317ed856b09"
        },
        {
          "url": "https://git.kernel.org/stable/c/60fd3538d2a8fd44c41d25088c0ece3e1fd30659"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70"
        }
      ],
      "title": "bpf: sync_linked_regs() must preserve subreg_def",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53125",
    "datePublished": "2024-12-04T14:11:09.326Z",
    "dateReserved": "2024-11-19T17:17:24.995Z",
    "dateUpdated": "2025-11-03T20:46:07.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53148 (GCVE-0-2024-53148)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:28 – Updated: 2025-11-03 20:46

Title

comedi: Flush partial mappings in error case

Summary

In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case").

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/57f048c2d205b85e3…
	https://git.kernel.org/stable/c/b9322408d83accc8b…
	https://git.kernel.org/stable/c/8797b7712de704dc2…
	https://git.kernel.org/stable/c/16c507df509113c03…
	https://git.kernel.org/stable/c/9b07fb464eb69a752…
	https://git.kernel.org/stable/c/c6963a06ce5c61d32…
	https://git.kernel.org/stable/c/297f14fbb81895f4c…
	https://git.kernel.org/stable/c/ce8f9fb651fac95dd…

Impacted products

Vendor

Product

Version

Linux

Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < 57f048c2d205b85e34282a9b0b0ae177e84c2f44 (git)
Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < b9322408d83accc8b96322bc7356593206288c56 (git)
Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < 8797b7712de704dc231f9e821d8eb3b9aeb3a032 (git)
Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < 16c507df509113c037cdc0ba642b9ab3389bd26c (git)
Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < 9b07fb464eb69a752406e78e62ab3a60bfa7b00d (git)
Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < c6963a06ce5c61d3238751ada04ee1569663a828 (git)
Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < 297f14fbb81895f4ccdb0ad25d196786d6461e00 (git)
Affected: ed9eccbe8970f6eedc1b978c157caf1251a896d4 , < ce8f9fb651fac95dd41f69afe54d935420b945bd (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:32.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/comedi_fops.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "57f048c2d205b85e34282a9b0b0ae177e84c2f44",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            },
            {
              "lessThan": "b9322408d83accc8b96322bc7356593206288c56",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            },
            {
              "lessThan": "8797b7712de704dc231f9e821d8eb3b9aeb3a032",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            },
            {
              "lessThan": "16c507df509113c037cdc0ba642b9ab3389bd26c",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            },
            {
              "lessThan": "9b07fb464eb69a752406e78e62ab3a60bfa7b00d",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            },
            {
              "lessThan": "c6963a06ce5c61d3238751ada04ee1569663a828",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            },
            {
              "lessThan": "297f14fbb81895f4ccdb0ad25d196786d6461e00",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            },
            {
              "lessThan": "ce8f9fb651fac95dd41f69afe54d935420b945bd",
              "status": "affected",
              "version": "ed9eccbe8970f6eedc1b978c157caf1251a896d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/comedi_fops.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Flush partial mappings in error case\n\nIf some remap_pfn_range() calls succeeded before one failed, we still have\nbuffer pages mapped into the userspace page tables when we drop the buffer\nreference with comedi_buf_map_put(bm). The userspace mappings are only\ncleaned up later in the mmap error path.\n\nFix it by explicitly flushing all mappings in our VMA on the error path.\n\nSee commit 79a61cc3fc04 (\"mm: avoid leaving partial pfn mappings around in\nerror case\")."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:15.609Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/57f048c2d205b85e34282a9b0b0ae177e84c2f44"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9322408d83accc8b96322bc7356593206288c56"
        },
        {
          "url": "https://git.kernel.org/stable/c/8797b7712de704dc231f9e821d8eb3b9aeb3a032"
        },
        {
          "url": "https://git.kernel.org/stable/c/16c507df509113c037cdc0ba642b9ab3389bd26c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b07fb464eb69a752406e78e62ab3a60bfa7b00d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6963a06ce5c61d3238751ada04ee1569663a828"
        },
        {
          "url": "https://git.kernel.org/stable/c/297f14fbb81895f4ccdb0ad25d196786d6461e00"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce8f9fb651fac95dd41f69afe54d935420b945bd"
        }
      ],
      "title": "comedi: Flush partial mappings in error case",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53148",
    "datePublished": "2024-12-24T11:28:48.619Z",
    "dateReserved": "2024-11-19T17:17:24.998Z",
    "dateUpdated": "2025-11-03T20:46:32.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47320 (GCVE-0-2021-47320)

Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2025-05-04 07:08

Title

nfs: fix acl memory leak of posix_acl_create()

Summary

In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create() When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create() and nfs3_proc_mknod() error paths are possibly leaked. Fix them in advance.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2e3960f276b4574a9…
	https://git.kernel.org/stable/c/cef9d9acb7c80ed6b…
	https://git.kernel.org/stable/c/8a2b308a54c5ec224…
	https://git.kernel.org/stable/c/0704f617040c397ae…
	https://git.kernel.org/stable/c/d0b32dc1409f7e65e…
	https://git.kernel.org/stable/c/4b515308ab875c7e8…
	https://git.kernel.org/stable/c/c8fc86e9df6a6a03f…
	https://git.kernel.org/stable/c/687cf32865b2d6960…
	https://git.kernel.org/stable/c/1fcb6fcd74a222d9e…

Impacted products

Vendor

Product

Version

Linux

Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < 2e3960f276b4574a9bb0dfa31a7497302f6363b2 (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < cef9d9acb7c80ed6bace894b6334557fd493863b (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < 8a2b308a54c5ec224fedc753617f99b29ffcd883 (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < 0704f617040c397ae73c1f88f3956787ec5d6529 (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < d0b32dc1409f7e65e4fcc34e236462268e69a357 (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < 4b515308ab875c7e8ada8e606fe0c64762da5ed4 (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < c8fc86e9df6a6a03f5a8e15a3b7a5c75fd05aa38 (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < 687cf32865b2d6960214bce523f2afac58dd3cd2 (git)
Affected: 013cdf1088d7235da9477a2375654921d9b9ba9f , < 1fcb6fcd74a222d9ead54d405842fc763bb86262 (git)

Linux

Affected: 3.14
Unaffected: 0 , < 3.14 (semver)
Unaffected: 4.4.276 , ≤ 4.4.* (semver)
Unaffected: 4.9.276 , ≤ 4.9.* (semver)
Unaffected: 4.14.240 , ≤ 4.14.* (semver)
Unaffected: 4.19.198 , ≤ 4.19.* (semver)
Unaffected: 5.4.134 , ≤ 5.4.* (semver)
Unaffected: 5.10.52 , ≤ 5.10.* (semver)
Unaffected: 5.12.19 , ≤ 5.12.* (semver)
Unaffected: 5.13.4 , ≤ 5.13.* (semver)
Unaffected: 5.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47320",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T18:03:03.158182Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:13:50.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:08.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e3960f276b4574a9bb0dfa31a7497302f6363b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cef9d9acb7c80ed6bace894b6334557fd493863b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a2b308a54c5ec224fedc753617f99b29ffcd883"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0704f617040c397ae73c1f88f3956787ec5d6529"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0b32dc1409f7e65e4fcc34e236462268e69a357"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b515308ab875c7e8ada8e606fe0c64762da5ed4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c8fc86e9df6a6a03f5a8e15a3b7a5c75fd05aa38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/687cf32865b2d6960214bce523f2afac58dd3cd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1fcb6fcd74a222d9ead54d405842fc763bb86262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/nfs3proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2e3960f276b4574a9bb0dfa31a7497302f6363b2",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "cef9d9acb7c80ed6bace894b6334557fd493863b",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "8a2b308a54c5ec224fedc753617f99b29ffcd883",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "0704f617040c397ae73c1f88f3956787ec5d6529",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "d0b32dc1409f7e65e4fcc34e236462268e69a357",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "4b515308ab875c7e8ada8e606fe0c64762da5ed4",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "c8fc86e9df6a6a03f5a8e15a3b7a5c75fd05aa38",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "687cf32865b2d6960214bce523f2afac58dd3cd2",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            },
            {
              "lessThan": "1fcb6fcd74a222d9ead54d405842fc763bb86262",
              "status": "affected",
              "version": "013cdf1088d7235da9477a2375654921d9b9ba9f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/nfs3proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "lessThan": "3.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.240",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.52",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.13.*",
              "status": "unaffected",
              "version": "5.13.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.276",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.276",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.240",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.198",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.134",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.52",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.19",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13.4",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.14",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix acl memory leak of posix_acl_create()\n\nWhen looking into another nfs xfstests report, I found acl and\ndefault_acl in nfs3_proc_create() and nfs3_proc_mknod() error\npaths are possibly leaked. Fix them in advance."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:08:37.097Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2e3960f276b4574a9bb0dfa31a7497302f6363b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/cef9d9acb7c80ed6bace894b6334557fd493863b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a2b308a54c5ec224fedc753617f99b29ffcd883"
        },
        {
          "url": "https://git.kernel.org/stable/c/0704f617040c397ae73c1f88f3956787ec5d6529"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0b32dc1409f7e65e4fcc34e236462268e69a357"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b515308ab875c7e8ada8e606fe0c64762da5ed4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8fc86e9df6a6a03f5a8e15a3b7a5c75fd05aa38"
        },
        {
          "url": "https://git.kernel.org/stable/c/687cf32865b2d6960214bce523f2afac58dd3cd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fcb6fcd74a222d9ead54d405842fc763bb86262"
        }
      ],
      "title": "nfs: fix acl memory leak of posix_acl_create()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47320",
    "datePublished": "2024-05-21T14:35:35.205Z",
    "dateReserved": "2024-05-21T14:28:16.974Z",
    "dateUpdated": "2025-05-04T07:08:37.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56631 (GCVE-0-2024-56631)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

scsi: sg: Fix slab-use-after-free read in sg_release()

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5838 __mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912 sg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407 In sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is called before releasing the open_rel_lock mutex. The kref_put() call may decrement the reference count of sfp to zero, triggering its cleanup through sg_remove_sfp(). This cleanup includes scheduling deferred work via sg_remove_sfp_usercontext(), which ultimately frees sfp. After kref_put(), sg_release() continues to unlock open_rel_lock and may reference sfp or sdp. If sfp has already been freed, this results in a slab-use-after-free error. Move the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the open_rel_lock mutex. This ensures: - No references to sfp or sdp occur after the reference count is decremented. - Cleanup functions such as sg_remove_sfp() and sg_remove_sfp_usercontext() can safely execute without impacting the mutex handling in sg_release(). The fix has been tested and validated by syzbot. This patch closes the bug reported at the following syzkaller link and ensures proper sequencing of resource cleanup and mutex operations, eliminating the risk of use-after-free errors in sg_release().

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e19acb1926c4a1f30…
	https://git.kernel.org/stable/c/285ce1f89f8d414e7…
	https://git.kernel.org/stable/c/198b89dd5a595ee3f…
	https://git.kernel.org/stable/c/275b8347e21ab8193…
	https://git.kernel.org/stable/c/59b30afa578637169…
	https://git.kernel.org/stable/c/1f5e2f1ca5875728f…
	https://git.kernel.org/stable/c/f10593ad9bc36921f…

Impacted products

Vendor

Product

Version

Linux

Affected: cc833acbee9db5ca8c6162b015b4c93863c6f821 , < e19acb1926c4a1f30ee1ec84d8afba2d975bd534 (git)
Affected: cc833acbee9db5ca8c6162b015b4c93863c6f821 , < 285ce1f89f8d414e7eecab5ef5118cd512596318 (git)
Affected: cc833acbee9db5ca8c6162b015b4c93863c6f821 , < 198b89dd5a595ee3f96e5ce5c448b0484cd0e53c (git)
Affected: cc833acbee9db5ca8c6162b015b4c93863c6f821 , < 275b8347e21ab8193e93223a8394a806e4ba8918 (git)
Affected: cc833acbee9db5ca8c6162b015b4c93863c6f821 , < 59b30afa578637169e2819536bb66459fdddc39d (git)
Affected: cc833acbee9db5ca8c6162b015b4c93863c6f821 , < 1f5e2f1ca5875728fcf62bc1a054707444ab4960 (git)
Affected: cc833acbee9db5ca8c6162b015b4c93863c6f821 , < f10593ad9bc36921f623361c9e3dd96bd52d85ee (git)
Affected: 3a27c0defb0315760100f8b1adc7c4acbe04c884 (git)

Linux

Affected: 3.17
Unaffected: 0 , < 3.17 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.127 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:41:55.376597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:22.241Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:27.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/sg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e19acb1926c4a1f30ee1ec84d8afba2d975bd534",
              "status": "affected",
              "version": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
              "versionType": "git"
            },
            {
              "lessThan": "285ce1f89f8d414e7eecab5ef5118cd512596318",
              "status": "affected",
              "version": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
              "versionType": "git"
            },
            {
              "lessThan": "198b89dd5a595ee3f96e5ce5c448b0484cd0e53c",
              "status": "affected",
              "version": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
              "versionType": "git"
            },
            {
              "lessThan": "275b8347e21ab8193e93223a8394a806e4ba8918",
              "status": "affected",
              "version": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
              "versionType": "git"
            },
            {
              "lessThan": "59b30afa578637169e2819536bb66459fdddc39d",
              "status": "affected",
              "version": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
              "versionType": "git"
            },
            {
              "lessThan": "1f5e2f1ca5875728fcf62bc1a054707444ab4960",
              "status": "affected",
              "version": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
              "versionType": "git"
            },
            {
              "lessThan": "f10593ad9bc36921f623361c9e3dd96bd52d85ee",
              "status": "affected",
              "version": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3a27c0defb0315760100f8b1adc7c4acbe04c884",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/sg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.127",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.85",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Fix slab-use-after-free read in sg_release()\n\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30\nkernel/locking/lockdep.c:5838\n__mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912\nsg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407\n\nIn sg_release(), the function kref_put(\u0026sfp-\u003ef_ref, sg_remove_sfp) is\ncalled before releasing the open_rel_lock mutex. The kref_put() call may\ndecrement the reference count of sfp to zero, triggering its cleanup\nthrough sg_remove_sfp(). This cleanup includes scheduling deferred work\nvia sg_remove_sfp_usercontext(), which ultimately frees sfp.\n\nAfter kref_put(), sg_release() continues to unlock open_rel_lock and may\nreference sfp or sdp. If sfp has already been freed, this results in a\nslab-use-after-free error.\n\nMove the kref_put(\u0026sfp-\u003ef_ref, sg_remove_sfp) call after unlocking the\nopen_rel_lock mutex. This ensures:\n\n - No references to sfp or sdp occur after the reference count is\n   decremented.\n\n - Cleanup functions such as sg_remove_sfp() and\n   sg_remove_sfp_usercontext() can safely execute without impacting the\n   mutex handling in sg_release().\n\nThe fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures proper\nsequencing of resource cleanup and mutex operations, eliminating the\nrisk of use-after-free errors in sg_release()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:55.836Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e19acb1926c4a1f30ee1ec84d8afba2d975bd534"
        },
        {
          "url": "https://git.kernel.org/stable/c/285ce1f89f8d414e7eecab5ef5118cd512596318"
        },
        {
          "url": "https://git.kernel.org/stable/c/198b89dd5a595ee3f96e5ce5c448b0484cd0e53c"
        },
        {
          "url": "https://git.kernel.org/stable/c/275b8347e21ab8193e93223a8394a806e4ba8918"
        },
        {
          "url": "https://git.kernel.org/stable/c/59b30afa578637169e2819536bb66459fdddc39d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f5e2f1ca5875728fcf62bc1a054707444ab4960"
        },
        {
          "url": "https://git.kernel.org/stable/c/f10593ad9bc36921f623361c9e3dd96bd52d85ee"
        }
      ],
      "title": "scsi: sg: Fix slab-use-after-free read in sg_release()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56631",
    "datePublished": "2024-12-27T15:02:29.428Z",
    "dateReserved": "2024-12-27T15:00:39.838Z",
    "dateUpdated": "2025-11-03T20:51:27.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-57946 (GCVE-0-2024-57946)

Vulnerability from cvelistv5 – Published: 2025-01-21 12:22 – Updated: 2025-11-03 20:56

Title

virtio-blk: don't keep queue frozen during system suspend

Summary

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer's queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if the queue is frozen in current context. There are all kinds of ->suspend() called in suspend context, so keeping queue frozen in the whole suspend context isn't one good idea. And Marek reported lockdep warning[1] caused by virtio-blk's freeze queue in virtblk_freeze(). [1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/ Given the motivation is to drain in-flight IOs, it can be done by calling freeze & unfreeze, meantime restore to previous behavior by keeping queue quiesced during suspend.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d738f3215bb4f8891…
	https://git.kernel.org/stable/c/9ca428c6397abaa8c…
	https://git.kernel.org/stable/c/6dea8e3de59928974…
	https://git.kernel.org/stable/c/9e323f856cf496312…
	https://git.kernel.org/stable/c/12c0ddd6c551c1e43…
	https://git.kernel.org/stable/c/92d5139b91147ab37…
	https://git.kernel.org/stable/c/7678abee0867e6b7f…

Impacted products

Vendor

Product

Version

Linux

Affected: b7bfaea8f5ecd290864f5ae4c69859b89832b4dc , < d738f3215bb4f88911ff4579780a44960c8e0ca5 (git)
Affected: 5fe446b245ba61ddc924d7db280bcd987c39357a , < 9ca428c6397abaa8c38f5c69133a2299e1efbbf2 (git)
Affected: 2a52590ac52394540351d8289cc2af0b83cf7d31 , < 6dea8e3de59928974bf157dd0499d3958d744ae4 (git)
Affected: db48acce75d73dfe51c43d56893cce067b73cf08 , < 9e323f856cf4963120e0e3892a84ef8bd764a0e4 (git)
Affected: 8946924ff324853df6b7c525a7467d964dfd11c3 , < 12c0ddd6c551c1e438b087f874b4f1223a75f7ea (git)
Affected: 4ce6e2db00de8103a0687fb0f65fd17124a51aaa , < 92d5139b91147ab372a17daf5dc27a5b9278e516 (git)
Affected: 4ce6e2db00de8103a0687fb0f65fd17124a51aaa , < 7678abee0867e6b7fb89aa40f6e9f575f755fb37 (git)
Affected: 2b5128c714d863cd8d259aa9d87bed2d6aa6a5a8 (git)
Affected: c67ed40b1b4a66e3a13b21bdfbd0151639da5240 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 5.4.289 , ≤ 5.4.* (semver)
Unaffected: 5.10.233 , ≤ 5.10.* (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.123 , ≤ 6.1.* (semver)
Unaffected: 6.6.69 , ≤ 6.6.* (semver)
Unaffected: 6.12.8 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:52:30.682704Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:13.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:56:12.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/virtio_blk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d738f3215bb4f88911ff4579780a44960c8e0ca5",
              "status": "affected",
              "version": "b7bfaea8f5ecd290864f5ae4c69859b89832b4dc",
              "versionType": "git"
            },
            {
              "lessThan": "9ca428c6397abaa8c38f5c69133a2299e1efbbf2",
              "status": "affected",
              "version": "5fe446b245ba61ddc924d7db280bcd987c39357a",
              "versionType": "git"
            },
            {
              "lessThan": "6dea8e3de59928974bf157dd0499d3958d744ae4",
              "status": "affected",
              "version": "2a52590ac52394540351d8289cc2af0b83cf7d31",
              "versionType": "git"
            },
            {
              "lessThan": "9e323f856cf4963120e0e3892a84ef8bd764a0e4",
              "status": "affected",
              "version": "db48acce75d73dfe51c43d56893cce067b73cf08",
              "versionType": "git"
            },
            {
              "lessThan": "12c0ddd6c551c1e438b087f874b4f1223a75f7ea",
              "status": "affected",
              "version": "8946924ff324853df6b7c525a7467d964dfd11c3",
              "versionType": "git"
            },
            {
              "lessThan": "92d5139b91147ab372a17daf5dc27a5b9278e516",
              "status": "affected",
              "version": "4ce6e2db00de8103a0687fb0f65fd17124a51aaa",
              "versionType": "git"
            },
            {
              "lessThan": "7678abee0867e6b7fb89aa40f6e9f575f755fb37",
              "status": "affected",
              "version": "4ce6e2db00de8103a0687fb0f65fd17124a51aaa",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2b5128c714d863cd8d259aa9d87bed2d6aa6a5a8",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c67ed40b1b4a66e3a13b21bdfbd0151639da5240",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/virtio_blk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.123",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.69",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "versionStartIncluding": "5.4.270",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "versionStartIncluding": "5.10.211",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.15.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.123",
                  "versionStartIncluding": "6.1.80",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.69",
                  "versionStartIncluding": "6.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.8",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.308",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: don\u0027t keep queue frozen during system suspend\n\nCommit 4ce6e2db00de (\"virtio-blk: Ensure no requests in virtqueues before\ndeleting vqs.\") replaces queue quiesce with queue freeze in virtio-blk\u0027s\nPM callbacks. And the motivation is to drain inflight IOs before suspending.\n\nblock layer\u0027s queue freeze looks very handy, but it is also easy to cause\ndeadlock, such as, any attempt to call into bio_queue_enter() may run into\ndeadlock if the queue is frozen in current context. There are all kinds\nof -\u003esuspend() called in suspend context, so keeping queue frozen in the\nwhole suspend context isn\u0027t one good idea. And Marek reported lockdep\nwarning[1] caused by virtio-blk\u0027s freeze queue in virtblk_freeze().\n\n[1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/\n\nGiven the motivation is to drain in-flight IOs, it can be done by calling\nfreeze \u0026 unfreeze, meantime restore to previous behavior by keeping queue\nquiesced during suspend."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T12:59:22.528Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d738f3215bb4f88911ff4579780a44960c8e0ca5"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ca428c6397abaa8c38f5c69133a2299e1efbbf2"
        },
        {
          "url": "https://git.kernel.org/stable/c/6dea8e3de59928974bf157dd0499d3958d744ae4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e323f856cf4963120e0e3892a84ef8bd764a0e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/12c0ddd6c551c1e438b087f874b4f1223a75f7ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/92d5139b91147ab372a17daf5dc27a5b9278e516"
        },
        {
          "url": "https://git.kernel.org/stable/c/7678abee0867e6b7fb89aa40f6e9f575f755fb37"
        }
      ],
      "title": "virtio-blk: don\u0027t keep queue frozen during system suspend",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57946",
    "datePublished": "2025-01-21T12:22:53.324Z",
    "dateReserved": "2025-01-19T11:50:08.380Z",
    "dateUpdated": "2025-11-03T20:56:12.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56603 (GCVE-0-2024-56603)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2026-01-05 10:56

Title

net: af_can: do not leave a dangling sk pointer in can_create()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/884ae8bcee749be43…
	https://git.kernel.org/stable/c/ce39b5576785bb3e6…
	https://git.kernel.org/stable/c/1fe625f12d090d69f…
	https://git.kernel.org/stable/c/5947c9ac08f0771ea…
	https://git.kernel.org/stable/c/db207d19adbac9605…
	https://git.kernel.org/stable/c/8df832e6b945e1ba6…
	https://git.kernel.org/stable/c/811a7ca7320c062e1…

Impacted products

Vendor

Product

Version

Linux

Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 884ae8bcee749be43a071d6ed2d89058dbd2425c (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < ce39b5576785bb3e66591145aad03d66bc3e778d (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 1fe625f12d090d69f3f084990c7e4c1ff94bfe5f (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 5947c9ac08f0771ea8ed64186b0d52e9029cb6c0 (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < db207d19adbac96058685f6257720906ad41d215 (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 8df832e6b945e1ba61467d7f1c9305e314ae92fe (git)
Affected: 0d66548a10cbbe0ef256852d63d30603f0f73f9b , < 811a7ca7320c062e15d0f5b171fe6ad8592d1434 (git)

Linux

Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:42:16.822268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:23.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:46.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/can/af_can.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "884ae8bcee749be43a071d6ed2d89058dbd2425c",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "ce39b5576785bb3e66591145aad03d66bc3e778d",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "1fe625f12d090d69f3f084990c7e4c1ff94bfe5f",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "5947c9ac08f0771ea8ed64186b0d52e9029cb6c0",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "db207d19adbac96058685f6257720906ad41d215",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "8df832e6b945e1ba61467d7f1c9305e314ae92fe",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            },
            {
              "lessThan": "811a7ca7320c062e15d0f5b171fe6ad8592d1434",
              "status": "affected",
              "version": "0d66548a10cbbe0ef256852d63d30603f0f73f9b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/can/af_can.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: af_can: do not leave a dangling sk pointer in can_create()\n\nOn error can_create() frees the allocated sk object, but sock_init_data()\nhas already attached it to the provided sock object. This will leave a\ndangling sk pointer in the sock object and may cause use-after-free later."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:56:05.536Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/884ae8bcee749be43a071d6ed2d89058dbd2425c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce39b5576785bb3e66591145aad03d66bc3e778d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fe625f12d090d69f3f084990c7e4c1ff94bfe5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5947c9ac08f0771ea8ed64186b0d52e9029cb6c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/db207d19adbac96058685f6257720906ad41d215"
        },
        {
          "url": "https://git.kernel.org/stable/c/8df832e6b945e1ba61467d7f1c9305e314ae92fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/811a7ca7320c062e15d0f5b171fe6ad8592d1434"
        }
      ],
      "title": "net: af_can: do not leave a dangling sk pointer in can_create()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56603",
    "datePublished": "2024-12-27T14:51:08.923Z",
    "dateReserved": "2024-12-27T14:03:06.012Z",
    "dateUpdated": "2026-01-05T10:56:05.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21664 (GCVE-0-2025-21664)

Vulnerability from cvelistv5 – Published: 2025-01-21 12:18 – Updated: 2025-11-03 20:58

Title

dm thin: make get_first_thin use rcu-safe list first function

Summary

In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_empty() -> list_first() sequence in RCU safe code. This is because each of these functions performs its own READ_ONCE() of the list head. This can lead to a situation where the list_empty() sees a valid list entry, but the subsequent list_first() sees a different view of list head state after a modification. In the case of dm-thin, this author had a production box crash from a GP fault in the process_deferred_bios path. This function saw a valid list head in get_first_thin() but when it subsequently dereferenced that and turned it into a thin_c, it got the inside of the struct pool, since the list was now empty and referring to itself. The kernel on which this occurred printed both a warning about a refcount_t being saturated, and a UBSAN error for an out-of-bounds cpuid access in the queued spinlock, prior to the fault itself. When the resulting kdump was examined, it was possible to see another thread patiently waiting in thin_dtr's synchronize_rcu. The thin_dtr call managed to pull the thin_c out of the active thins list (and have it be the last entry in the active_thins list) at just the wrong moment which lead to this crash. Fortunately, the fix here is straight forward. Switch get_first_thin() function to use list_first_or_null_rcu() which performs just a single READ_ONCE() and returns NULL if the list is already empty. This was run against the devicemapper test suite's thin-provisioning suites for delete and suspend and no regressions were observed.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ec037fe8c0d0f6140…
	https://git.kernel.org/stable/c/cd30a3960433ec2db…
	https://git.kernel.org/stable/c/802666a40c71a2354…
	https://git.kernel.org/stable/c/12771050b6d059eea…
	https://git.kernel.org/stable/c/6b305e98de0d225cc…
	https://git.kernel.org/stable/c/cbd0d5ecfa390ac29…
	https://git.kernel.org/stable/c/80f130bfad1dab93b…

Impacted products

Vendor

Product

Version

Linux

Affected: b10ebd34cccae1b431caf1be54919aede2be7cbe , < ec037fe8c0d0f6140e3d8a49c7b29cb5582160b8 (git)
Affected: b10ebd34cccae1b431caf1be54919aede2be7cbe , < cd30a3960433ec2db94b3689752fa3c5df44d649 (git)
Affected: b10ebd34cccae1b431caf1be54919aede2be7cbe , < 802666a40c71a23542c43a3f87e3a2d0f4e8fe45 (git)
Affected: b10ebd34cccae1b431caf1be54919aede2be7cbe , < 12771050b6d059eea096993bf2001da9da9fddff (git)
Affected: b10ebd34cccae1b431caf1be54919aede2be7cbe , < 6b305e98de0d225ccebfb225730a9f560d28ecb0 (git)
Affected: b10ebd34cccae1b431caf1be54919aede2be7cbe , < cbd0d5ecfa390ac29c5380200147d09c381b2ac6 (git)
Affected: b10ebd34cccae1b431caf1be54919aede2be7cbe , < 80f130bfad1dab93b95683fc39b87235682b8f72 (git)

Linux

Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 5.4.290 , ≤ 5.4.* (semver)
Unaffected: 5.10.234 , ≤ 5.10.* (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:40.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-thin.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec037fe8c0d0f6140e3d8a49c7b29cb5582160b8",
              "status": "affected",
              "version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
              "versionType": "git"
            },
            {
              "lessThan": "cd30a3960433ec2db94b3689752fa3c5df44d649",
              "status": "affected",
              "version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
              "versionType": "git"
            },
            {
              "lessThan": "802666a40c71a23542c43a3f87e3a2d0f4e8fe45",
              "status": "affected",
              "version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
              "versionType": "git"
            },
            {
              "lessThan": "12771050b6d059eea096993bf2001da9da9fddff",
              "status": "affected",
              "version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
              "versionType": "git"
            },
            {
              "lessThan": "6b305e98de0d225ccebfb225730a9f560d28ecb0",
              "status": "affected",
              "version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
              "versionType": "git"
            },
            {
              "lessThan": "cbd0d5ecfa390ac29c5380200147d09c381b2ac6",
              "status": "affected",
              "version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
              "versionType": "git"
            },
            {
              "lessThan": "80f130bfad1dab93b95683fc39b87235682b8f72",
              "status": "affected",
              "version": "b10ebd34cccae1b431caf1be54919aede2be7cbe",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-thin.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.234",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.234",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: make get_first_thin use rcu-safe list first function\n\nThe documentation in rculist.h explains the absence of list_empty_rcu()\nand cautions programmers against relying on a list_empty() -\u003e\nlist_first() sequence in RCU safe code.  This is because each of these\nfunctions performs its own READ_ONCE() of the list head.  This can lead\nto a situation where the list_empty() sees a valid list entry, but the\nsubsequent list_first() sees a different view of list head state after a\nmodification.\n\nIn the case of dm-thin, this author had a production box crash from a GP\nfault in the process_deferred_bios path.  This function saw a valid list\nhead in get_first_thin() but when it subsequently dereferenced that and\nturned it into a thin_c, it got the inside of the struct pool, since the\nlist was now empty and referring to itself.  The kernel on which this\noccurred printed both a warning about a refcount_t being saturated, and\na UBSAN error for an out-of-bounds cpuid access in the queued spinlock,\nprior to the fault itself.  When the resulting kdump was examined, it\nwas possible to see another thread patiently waiting in thin_dtr\u0027s\nsynchronize_rcu.\n\nThe thin_dtr call managed to pull the thin_c out of the active thins\nlist (and have it be the last entry in the active_thins list) at just\nthe wrong moment which lead to this crash.\n\nFortunately, the fix here is straight forward.  Switch get_first_thin()\nfunction to use list_first_or_null_rcu() which performs just a single\nREAD_ONCE() and returns NULL if the list is already empty.\n\nThis was run against the devicemapper test suite\u0027s thin-provisioning\nsuites for delete and suspend and no regressions were observed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:18:30.814Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec037fe8c0d0f6140e3d8a49c7b29cb5582160b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd30a3960433ec2db94b3689752fa3c5df44d649"
        },
        {
          "url": "https://git.kernel.org/stable/c/802666a40c71a23542c43a3f87e3a2d0f4e8fe45"
        },
        {
          "url": "https://git.kernel.org/stable/c/12771050b6d059eea096993bf2001da9da9fddff"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b305e98de0d225ccebfb225730a9f560d28ecb0"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbd0d5ecfa390ac29c5380200147d09c381b2ac6"
        },
        {
          "url": "https://git.kernel.org/stable/c/80f130bfad1dab93b95683fc39b87235682b8f72"
        }
      ],
      "title": "dm thin: make get_first_thin use rcu-safe list first function",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21664",
    "datePublished": "2025-01-21T12:18:19.015Z",
    "dateReserved": "2024-12-29T08:45:45.732Z",
    "dateUpdated": "2025-11-03T20:58:40.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56614 (GCVE-0-2024-56614)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:50

Title

xsk: fix OOB map writes when deleting elements

Summary

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xsk_map_delete_elem function an unsigned integer (map->max_entries) is compared with a user-controlled signed integer (k). Due to implicit type conversion, a large unsigned value for map->max_entries can bypass the intended bounds check: if (k >= map->max_entries) return -EINVAL; This allows k to hold a negative value (between -2147483648 and -2), which is then used as an array index in m->xsk_map[k], which results in an out-of-bounds access. spin_lock_bh(&m->lock); map_entry = &m->xsk_map[k]; // Out-of-bounds map_entry old_xs = unrcu_pointer(xchg(map_entry, NULL)); // Oob write if (old_xs) xsk_map_sock_delete(old_xs, map_entry); spin_unlock_bh(&m->lock); The xchg operation can then be used to cause an out-of-bounds write. Moreover, the invalid map_entry passed to xsk_map_sock_delete can lead to further memory corruption. " It indeed results in following splat: [76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108 [76612.904330] #PF: supervisor write access in kernel mode [76612.909639] #PF: error_code(0x0002) - not-present page [76612.914855] PGD 0 P4D 0 [76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP [76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470 [76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60 [76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff <48> 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31 [76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246 [76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000 [76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000 [76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007 [76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8 [76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0 [76613.005303] FS: 00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000 [76613.013517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0 [76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [76613.041086] PKRU: 55555554 [76613.043842] Call Trace: [76613.046331] <TASK> [76613.048468] ? __die+0x20/0x60 [76613.051581] ? page_fault_oops+0x15a/0x450 [76613.055747] ? search_extable+0x22/0x30 [76613.059649] ? search_bpf_extables+0x5f/0x80 [76613.063988] ? exc_page_fault+0xa9/0x140 [76613.067975] ? asm_exc_page_fault+0x22/0x30 [76613.072229] ? xsk_map_delete_elem+0x2d/0x60 [76613.076573] ? xsk_map_delete_elem+0x23/0x60 [76613.080914] __sys_bpf+0x19b7/0x23c0 [76613.084555] __x64_sys_bpf+0x1a/0x20 [76613.088194] do_syscall_64+0x37/0xb0 [76613.091832] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [76613.096962] RIP: 0033:0x7f80b6d1e88d [76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48 [76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141 [76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d [76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003 [76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000 [76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8 [76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00 ---truncated---

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4d03f705e9d7aabeb…
	https://git.kernel.org/stable/c/ed08c93d5a9801cc8…
	https://git.kernel.org/stable/c/f8abd03f83d5fe81e…
	https://git.kernel.org/stable/c/d486b5741d987d3e0…
	https://git.kernel.org/stable/c/32cd3db7de97c0c7a…

Impacted products

Vendor

Product

Version

Linux

Affected: fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 , < 4d03f705e9d7aabebc6bfa5810f8aab6d176cbb7 (git)
Affected: fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 , < ed08c93d5a9801cc8f224a046411fd603c538d07 (git)
Affected: fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 , < f8abd03f83d5fe81e76eb93e2c4373eb9f75fd8a (git)
Affected: fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 , < d486b5741d987d3e0e6be4ac22cafdf94e6d1a47 (git)
Affected: fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 , < 32cd3db7de97c0c7a018756ce66244342fd583f0 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56614",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:01:11.995418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:13.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:50:59.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xskmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4d03f705e9d7aabebc6bfa5810f8aab6d176cbb7",
              "status": "affected",
              "version": "fbfc504a24f53f7ebe128ab55cb5dba634f4ece8",
              "versionType": "git"
            },
            {
              "lessThan": "ed08c93d5a9801cc8f224a046411fd603c538d07",
              "status": "affected",
              "version": "fbfc504a24f53f7ebe128ab55cb5dba634f4ece8",
              "versionType": "git"
            },
            {
              "lessThan": "f8abd03f83d5fe81e76eb93e2c4373eb9f75fd8a",
              "status": "affected",
              "version": "fbfc504a24f53f7ebe128ab55cb5dba634f4ece8",
              "versionType": "git"
            },
            {
              "lessThan": "d486b5741d987d3e0e6be4ac22cafdf94e6d1a47",
              "status": "affected",
              "version": "fbfc504a24f53f7ebe128ab55cb5dba634f4ece8",
              "versionType": "git"
            },
            {
              "lessThan": "32cd3db7de97c0c7a018756ce66244342fd583f0",
              "status": "affected",
              "version": "fbfc504a24f53f7ebe128ab55cb5dba634f4ece8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xskmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix OOB map writes when deleting elements\n\nJordy says:\n\n\"\nIn the xsk_map_delete_elem function an unsigned integer\n(map-\u003emax_entries) is compared with a user-controlled signed integer\n(k). Due to implicit type conversion, a large unsigned value for\nmap-\u003emax_entries can bypass the intended bounds check:\n\n\tif (k \u003e= map-\u003emax_entries)\n\t\treturn -EINVAL;\n\nThis allows k to hold a negative value (between -2147483648 and -2),\nwhich is then used as an array index in m-\u003exsk_map[k], which results\nin an out-of-bounds access.\n\n\tspin_lock_bh(\u0026m-\u003elock);\n\tmap_entry = \u0026m-\u003exsk_map[k]; // Out-of-bounds map_entry\n\told_xs = unrcu_pointer(xchg(map_entry, NULL));  // Oob write\n\tif (old_xs)\n\t\txsk_map_sock_delete(old_xs, map_entry);\n\tspin_unlock_bh(\u0026m-\u003elock);\n\nThe xchg operation can then be used to cause an out-of-bounds write.\nMoreover, the invalid map_entry passed to xsk_map_sock_delete can lead\nto further memory corruption.\n\"\n\nIt indeed results in following splat:\n\n[76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108\n[76612.904330] #PF: supervisor write access in kernel mode\n[76612.909639] #PF: error_code(0x0002) - not-present page\n[76612.914855] PGD 0 P4D 0\n[76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP\n[76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470\n[76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60\n[76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff \u003c48\u003e 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31\n[76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246\n[76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000\n[76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000\n[76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007\n[76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8\n[76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0\n[76613.005303] FS:  00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000\n[76613.013517] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0\n[76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[76613.041086] PKRU: 55555554\n[76613.043842] Call Trace:\n[76613.046331]  \u003cTASK\u003e\n[76613.048468]  ? __die+0x20/0x60\n[76613.051581]  ? page_fault_oops+0x15a/0x450\n[76613.055747]  ? search_extable+0x22/0x30\n[76613.059649]  ? search_bpf_extables+0x5f/0x80\n[76613.063988]  ? exc_page_fault+0xa9/0x140\n[76613.067975]  ? asm_exc_page_fault+0x22/0x30\n[76613.072229]  ? xsk_map_delete_elem+0x2d/0x60\n[76613.076573]  ? xsk_map_delete_elem+0x23/0x60\n[76613.080914]  __sys_bpf+0x19b7/0x23c0\n[76613.084555]  __x64_sys_bpf+0x1a/0x20\n[76613.088194]  do_syscall_64+0x37/0xb0\n[76613.091832]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[76613.096962] RIP: 0033:0x7f80b6d1e88d\n[76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48\n[76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141\n[76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d\n[76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003\n[76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000\n[76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8\n[76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:59:54.375Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4d03f705e9d7aabebc6bfa5810f8aab6d176cbb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed08c93d5a9801cc8f224a046411fd603c538d07"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8abd03f83d5fe81e76eb93e2c4373eb9f75fd8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d486b5741d987d3e0e6be4ac22cafdf94e6d1a47"
        },
        {
          "url": "https://git.kernel.org/stable/c/32cd3db7de97c0c7a018756ce66244342fd583f0"
        }
      ],
      "title": "xsk: fix OOB map writes when deleting elements",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56614",
    "datePublished": "2024-12-27T14:51:19.154Z",
    "dateReserved": "2024-12-27T14:03:06.014Z",
    "dateUpdated": "2025-11-03T20:50:59.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53161 (GCVE-0-2024-53161)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:29 – Updated: 2025-11-03 20:46

Title

EDAC/bluefield: Fix potential integer overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8cc31cfa36ff37aff…
	https://git.kernel.org/stable/c/e0269ea7a628fdedd…
	https://git.kernel.org/stable/c/4ad7033de109d0fec…
	https://git.kernel.org/stable/c/578ca89b04680145d…
	https://git.kernel.org/stable/c/ac6ebb9edcdb7077e…
	https://git.kernel.org/stable/c/fdb90006184aa84c7…
	https://git.kernel.org/stable/c/000930193fe5eb79c…
	https://git.kernel.org/stable/c/1fe774a93b46bb029…

Impacted products

Vendor

Product

Version

Linux

Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < 8cc31cfa36ff37aff399b72faa2ded58110112ae (git)
Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < e0269ea7a628fdeddd65b92fe29c09655dbb80b9 (git)
Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < 4ad7033de109d0fec99086f352f58a3412e378b8 (git)
Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < 578ca89b04680145d41011e7cec8806fefbb59e7 (git)
Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < ac6ebb9edcdb7077e841862c402697c4c48a7c0a (git)
Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < fdb90006184aa84c7b4e09144ed0936d4e1891a7 (git)
Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < 000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5 (git)
Affected: 82413e562ea6eadfb6de946dcc6f74af31d64e7f , < 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53161",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:09:22.869656Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:08.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:52.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/edac/bluefield_edac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8cc31cfa36ff37aff399b72faa2ded58110112ae",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            },
            {
              "lessThan": "e0269ea7a628fdeddd65b92fe29c09655dbb80b9",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            },
            {
              "lessThan": "4ad7033de109d0fec99086f352f58a3412e378b8",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            },
            {
              "lessThan": "578ca89b04680145d41011e7cec8806fefbb59e7",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            },
            {
              "lessThan": "ac6ebb9edcdb7077e841862c402697c4c48a7c0a",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            },
            {
              "lessThan": "fdb90006184aa84c7b4e09144ed0936d4e1891a7",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            },
            {
              "lessThan": "000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            },
            {
              "lessThan": "1fe774a93b46bb029b8f6fa9d1f25affa53f06c6",
              "status": "affected",
              "version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/edac/bluefield_edac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/bluefield: Fix potential integer overflow\n\nThe 64-bit argument for the \"get DIMM info\" SMC call consists of mem_ctrl_idx\nleft-shifted 16 bits and OR-ed with DIMM index.  With mem_ctrl_idx defined as\n32-bits wide the left-shift operation truncates the upper 16 bits of\ninformation during the calculation of the SMC argument.\n\nThe mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any\npotential integer overflow, i.e. loss of data from upper 16 bits."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:34.419Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8cc31cfa36ff37aff399b72faa2ded58110112ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0269ea7a628fdeddd65b92fe29c09655dbb80b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ad7033de109d0fec99086f352f58a3412e378b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/578ca89b04680145d41011e7cec8806fefbb59e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac6ebb9edcdb7077e841862c402697c4c48a7c0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/fdb90006184aa84c7b4e09144ed0936d4e1891a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fe774a93b46bb029b8f6fa9d1f25affa53f06c6"
        }
      ],
      "title": "EDAC/bluefield: Fix potential integer overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53161",
    "datePublished": "2024-12-24T11:29:01.938Z",
    "dateReserved": "2024-11-19T17:17:25.002Z",
    "dateUpdated": "2025-11-03T20:46:52.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-55881 (GCVE-0-2024-55881)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:35 – Updated: 2025-11-03 20:48

Title

KVM: x86: Play nice with protected guests in complete_hypercall_exit()

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE hypercall via VMGEXIT trips the WARN: ------------[ cut here ]------------ WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm] Modules linked in: kvm_amd kvm ... [last unloaded: kvm] CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470 Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024 RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm] Call Trace: <TASK> kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm] kvm_vcpu_ioctl+0x54f/0x630 [kvm] __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> ---[ end trace 0000000000000000 ]---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0840d360a8909c722…
	https://git.kernel.org/stable/c/7ed4db315094963de…
	https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4…
	https://git.kernel.org/stable/c/22b5c2acd65dbe949…
	https://git.kernel.org/stable/c/9b42d1e8e4fe9dc63…

Impacted products

Vendor

Product

Version

Linux

Affected: 5969e2435cbd7f0ce8c28d717bfc39987ee8d8f1 , < 0840d360a8909c722fb62459f42836afe32ededb (git)
Affected: b5aead0064f33ae5e693a364e3204fe1c0ac9af2 , < 7ed4db315094963de0678a8adfd43c46471b9349 (git)
Affected: b5aead0064f33ae5e693a364e3204fe1c0ac9af2 , < 3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6 (git)
Affected: b5aead0064f33ae5e693a364e3204fe1c0ac9af2 , < 22b5c2acd65dbe949032f619d4758a35a82fffc3 (git)
Affected: b5aead0064f33ae5e693a364e3204fe1c0ac9af2 , < 9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0 (git)

Linux

Affected: 5.16
Unaffected: 0 , < 5.16 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.122 , ≤ 6.1.* (semver)
Unaffected: 6.6.68 , ≤ 6.6.* (semver)
Unaffected: 6.12.7 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:49.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/x86.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0840d360a8909c722fb62459f42836afe32ededb",
              "status": "affected",
              "version": "5969e2435cbd7f0ce8c28d717bfc39987ee8d8f1",
              "versionType": "git"
            },
            {
              "lessThan": "7ed4db315094963de0678a8adfd43c46471b9349",
              "status": "affected",
              "version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2",
              "versionType": "git"
            },
            {
              "lessThan": "3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6",
              "status": "affected",
              "version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2",
              "versionType": "git"
            },
            {
              "lessThan": "22b5c2acd65dbe949032f619d4758a35a82fffc3",
              "status": "affected",
              "version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2",
              "versionType": "git"
            },
            {
              "lessThan": "9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0",
              "status": "affected",
              "version": "b5aead0064f33ae5e693a364e3204fe1c0ac9af2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/x86.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.15.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.122",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.68",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Play nice with protected guests in complete_hypercall_exit()\n\nUse is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit\nhypercall when completing said hypercall.  For guests with protected state,\ne.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit\nmode as the vCPU state needed to detect 64-bit mode is unavailable.\n\nHacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE\nhypercall via VMGEXIT trips the WARN:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm]\n  Modules linked in: kvm_amd kvm ... [last unloaded: kvm]\n  CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470\n  Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024\n  RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm]\n  Call Trace:\n   \u003cTASK\u003e\n   kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm]\n   kvm_vcpu_ioctl+0x54f/0x630 [kvm]\n   __se_sys_ioctl+0x6b/0xc0\n   do_syscall_64+0x83/0x160\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n   \u003c/TASK\u003e\n  ---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:57:17.376Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0840d360a8909c722fb62459f42836afe32ededb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ed4db315094963de0678a8adfd43c46471b9349"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d2634ec0d1dbe8f4b511cf5261f327c6a76f4b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/22b5c2acd65dbe949032f619d4758a35a82fffc3"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b42d1e8e4fe9dc631162c04caa69b0d1860b0f0"
        }
      ],
      "title": "KVM: x86: Play nice with protected guests in complete_hypercall_exit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-55881",
    "datePublished": "2025-01-11T12:35:44.019Z",
    "dateReserved": "2025-01-09T09:51:32.450Z",
    "dateUpdated": "2025-11-03T20:48:49.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56648 (GCVE-0-2024-56648)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

net: hsr: avoid potential out-of-bound access in fill_frame_info()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case. BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline] BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 fill_frame_info net/hsr/hsr_forward.c:709 [inline] hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606 __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434 dev_queue_xmit include/linux/netdevice.h:3168 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3146 [inline] packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4091 [inline] slab_alloc_node mm/slub.c:4134 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1323 [inline] alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881 packet_alloc_skb net/packet/af_packet.c:2995 [inline] packet_snd net/packet/af_packet.c:3089 [inline] packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/aa632691c722a123e…
	https://git.kernel.org/stable/c/c6e778901d0055356…
	https://git.kernel.org/stable/c/6bb5c8ebc99f0671d…
	https://git.kernel.org/stable/c/3c215663b3e27a3b0…
	https://git.kernel.org/stable/c/7ea527fbd7b94d0be…
	https://git.kernel.org/stable/c/b9653d19e556c6afd…

Impacted products

Vendor

Product

Version

Linux

Affected: f6442ee08fe66c8e45c4f246531a2aaf4f17a7a7 , < aa632691c722a123e47ccd05a3afdd5f87a36061 (git)
Affected: 48b491a5cc74333c4a6a82fe21cea42c055a3b0b , < c6e778901d0055356c4fb223058364cae731494a (git)
Affected: 48b491a5cc74333c4a6a82fe21cea42c055a3b0b , < 6bb5c8ebc99f0671dbd3c9408ebaf935c3951186 (git)
Affected: 48b491a5cc74333c4a6a82fe21cea42c055a3b0b , < 3c215663b3e27a3b08cefcaea623ff54c70c8035 (git)
Affected: 48b491a5cc74333c4a6a82fe21cea42c055a3b0b , < 7ea527fbd7b94d0bee64a0a7e98279bcc654b322 (git)
Affected: 48b491a5cc74333c4a6a82fe21cea42c055a3b0b , < b9653d19e556c6afd035602927a93d100a0d7644 (git)
Affected: 4ffd1d4a6b306ff69cbe412d2c54d2dd349ff436 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56648",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:29.164296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:11.414Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:54.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/hsr/hsr_forward.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "aa632691c722a123e47ccd05a3afdd5f87a36061",
              "status": "affected",
              "version": "f6442ee08fe66c8e45c4f246531a2aaf4f17a7a7",
              "versionType": "git"
            },
            {
              "lessThan": "c6e778901d0055356c4fb223058364cae731494a",
              "status": "affected",
              "version": "48b491a5cc74333c4a6a82fe21cea42c055a3b0b",
              "versionType": "git"
            },
            {
              "lessThan": "6bb5c8ebc99f0671dbd3c9408ebaf935c3951186",
              "status": "affected",
              "version": "48b491a5cc74333c4a6a82fe21cea42c055a3b0b",
              "versionType": "git"
            },
            {
              "lessThan": "3c215663b3e27a3b08cefcaea623ff54c70c8035",
              "status": "affected",
              "version": "48b491a5cc74333c4a6a82fe21cea42c055a3b0b",
              "versionType": "git"
            },
            {
              "lessThan": "7ea527fbd7b94d0bee64a0a7e98279bcc654b322",
              "status": "affected",
              "version": "48b491a5cc74333c4a6a82fe21cea42c055a3b0b",
              "versionType": "git"
            },
            {
              "lessThan": "b9653d19e556c6afd035602927a93d100a0d7644",
              "status": "affected",
              "version": "48b491a5cc74333c4a6a82fe21cea42c055a3b0b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "4ffd1d4a6b306ff69cbe412d2c54d2dd349ff436",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/hsr/hsr_forward.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n  fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n  hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n  hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n  __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n  xmit_one net/core/dev.c:3590 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n  __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n  dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3146 [inline]\n  packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n  sock_sendmsg_nosec net/socket.c:711 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:726\n  __sys_sendto+0x594/0x750 net/socket.c:2197\n  __do_sys_sendto net/socket.c:2204 [inline]\n  __se_sys_sendto net/socket.c:2200 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n  x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:4091 [inline]\n  slab_alloc_node mm/slub.c:4134 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n  alloc_skb include/linux/skbuff.h:1323 [inline]\n  alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n  packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n  packet_snd net/packet/af_packet.c:3089 [inline]\n  packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n  sock_sendmsg_nosec net/socket.c:711 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:726\n  __sys_sendto+0x594/0x750 net/socket.c:2197\n  __do_sys_sendto net/socket.c:2204 [inline]\n  __se_sys_sendto net/socket.c:2200 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n  x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:59.082Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/aa632691c722a123e47ccd05a3afdd5f87a36061"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6e778901d0055356c4fb223058364cae731494a"
        },
        {
          "url": "https://git.kernel.org/stable/c/6bb5c8ebc99f0671dbd3c9408ebaf935c3951186"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c215663b3e27a3b08cefcaea623ff54c70c8035"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ea527fbd7b94d0bee64a0a7e98279bcc654b322"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9653d19e556c6afd035602927a93d100a0d7644"
        }
      ],
      "title": "net: hsr: avoid potential out-of-bound access in fill_frame_info()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56648",
    "datePublished": "2024-12-27T15:02:48.687Z",
    "dateReserved": "2024-12-27T15:00:39.840Z",
    "dateUpdated": "2025-11-03T20:51:54.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56627 (GCVE-0-2024-56627)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:51 – Updated: 2025-11-03 20:51

Title

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6bd1bf0e8c42f10a9…
	https://git.kernel.org/stable/c/de4d790dcf53be417…
	https://git.kernel.org/stable/c/27de4295522e9a33e…
	https://git.kernel.org/stable/c/81eed631935f2c52c…
	https://git.kernel.org/stable/c/fc342cf86e2dc4d2e…

Impacted products

Vendor

Product

Version

Linux

Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 6bd1bf0e8c42f10a9a9679a4c103a9032d30594d (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < de4d790dcf53be41736239d7ee63849a16ff5d10 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 27de4295522e9a33e4a3fc72f7b8193df9eebe41 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 81eed631935f2c52cdaf6691c6d48e0b06e8ad73 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.176 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56627",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:48.902752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:12.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:16.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6bd1bf0e8c42f10a9a9679a4c103a9032d30594d",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "de4d790dcf53be41736239d7ee63849a16ff5d10",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "27de4295522e9a33e4a3fc72f7b8193df9eebe41",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "81eed631935f2c52cdaf6691c6d48e0b06e8ad73",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read\n\nAn offset from client could be a negative value, It could lead\nto an out-of-bounds read from the stream_buf.\nNote that this issue is coming when setting\n\u0027vfs objects = streams_xattr parameter\u0027 in ksmbd.conf."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:17.513Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6bd1bf0e8c42f10a9a9679a4c103a9032d30594d"
        },
        {
          "url": "https://git.kernel.org/stable/c/de4d790dcf53be41736239d7ee63849a16ff5d10"
        },
        {
          "url": "https://git.kernel.org/stable/c/27de4295522e9a33e4a3fc72f7b8193df9eebe41"
        },
        {
          "url": "https://git.kernel.org/stable/c/81eed631935f2c52cdaf6691c6d48e0b06e8ad73"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9"
        }
      ],
      "title": "ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56627",
    "datePublished": "2024-12-27T14:51:29.854Z",
    "dateReserved": "2024-12-27T14:03:06.018Z",
    "dateUpdated": "2025-11-03T20:51:16.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47143 (GCVE-0-2024-47143)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2026-01-05 10:53

Title

dma-debug: fix a possible deadlock on radix_lock

Summary

In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2's one (W) rq_lock() CPU1 situation can happen when it extending radix tree and it tries to wake up kswapd via wake_all_kswapd(). CPU2 situation can happen while perf_event_task_sched_out() (i.e. dma sync operation is called while deleting perf_event using etm and etr tmc which are Arm Coresight hwtracing driver backends). To remove this possible situation, call dma_entry_free() after put_hash_bucket() in check_unmap().

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3ccce34a5c3f5c954…
	https://git.kernel.org/stable/c/efe1b9bbf356357fd…
	https://git.kernel.org/stable/c/8c1b4fea8d62285f5…
	https://git.kernel.org/stable/c/c212d91070beca0d0…
	https://git.kernel.org/stable/c/f2b95248a16c5186d…
	https://git.kernel.org/stable/c/7543c3e3b9b88212f…

Impacted products

Vendor

Product

Version

Linux

Affected: 0abdd7a81b7e3fd781d7fabcca49501852bba17e , < 3ccce34a5c3f5c9541108a451657ade621524b32 (git)
Affected: 0abdd7a81b7e3fd781d7fabcca49501852bba17e , < efe1b9bbf356357fdff0399af361133d6e3ba18e (git)
Affected: 0abdd7a81b7e3fd781d7fabcca49501852bba17e , < 8c1b4fea8d62285f5e1a8194889b39661608bd8a (git)
Affected: 0abdd7a81b7e3fd781d7fabcca49501852bba17e , < c212d91070beca0d03fef7bf988baf4ff4b3eee4 (git)
Affected: 0abdd7a81b7e3fd781d7fabcca49501852bba17e , < f2b95248a16c5186d1c658fc0aeb2f3bd95e5259 (git)
Affected: 0abdd7a81b7e3fd781d7fabcca49501852bba17e , < 7543c3e3b9b88212fcd0aaf5cab5588797bdc7de (git)

Linux

Affected: 3.14
Unaffected: 0 , < 3.14 (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:55:51.622689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:22.563Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:39:31.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/dma/debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3ccce34a5c3f5c9541108a451657ade621524b32",
              "status": "affected",
              "version": "0abdd7a81b7e3fd781d7fabcca49501852bba17e",
              "versionType": "git"
            },
            {
              "lessThan": "efe1b9bbf356357fdff0399af361133d6e3ba18e",
              "status": "affected",
              "version": "0abdd7a81b7e3fd781d7fabcca49501852bba17e",
              "versionType": "git"
            },
            {
              "lessThan": "8c1b4fea8d62285f5e1a8194889b39661608bd8a",
              "status": "affected",
              "version": "0abdd7a81b7e3fd781d7fabcca49501852bba17e",
              "versionType": "git"
            },
            {
              "lessThan": "c212d91070beca0d03fef7bf988baf4ff4b3eee4",
              "status": "affected",
              "version": "0abdd7a81b7e3fd781d7fabcca49501852bba17e",
              "versionType": "git"
            },
            {
              "lessThan": "f2b95248a16c5186d1c658fc0aeb2f3bd95e5259",
              "status": "affected",
              "version": "0abdd7a81b7e3fd781d7fabcca49501852bba17e",
              "versionType": "git"
            },
            {
              "lessThan": "7543c3e3b9b88212fcd0aaf5cab5588797bdc7de",
              "status": "affected",
              "version": "0abdd7a81b7e3fd781d7fabcca49501852bba17e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/dma/debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "lessThan": "3.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-debug: fix a possible deadlock on radix_lock\n\nradix_lock() shouldn\u0027t be held while holding dma_hash_entry[idx].lock\notherwise, there\u0027s a possible deadlock scenario when\ndma debug API is called holding rq_lock():\n\nCPU0                   CPU1                       CPU2\ndma_free_attrs()\ncheck_unmap()          add_dma_entry()            __schedule() //out\n                                                  (A) rq_lock()\nget_hash_bucket()\n(A) dma_entry_hash\n                                                  check_sync()\n                       (A) radix_lock()           (W) dma_entry_hash\ndma_entry_free()\n(W) radix_lock()\n                       // CPU2\u0027s one\n                       (W) rq_lock()\n\nCPU1 situation can happen when it extending radix tree and\nit tries to wake up kswapd via wake_all_kswapd().\n\nCPU2 situation can happen while perf_event_task_sched_out()\n(i.e. dma sync operation is called while deleting perf_event using\n etm and etr tmc which are Arm Coresight hwtracing driver backends).\n\nTo remove this possible situation, call dma_entry_free() after\nput_hash_bucket() in check_unmap()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:53:43.155Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3ccce34a5c3f5c9541108a451657ade621524b32"
        },
        {
          "url": "https://git.kernel.org/stable/c/efe1b9bbf356357fdff0399af361133d6e3ba18e"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c1b4fea8d62285f5e1a8194889b39661608bd8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c212d91070beca0d03fef7bf988baf4ff4b3eee4"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2b95248a16c5186d1c658fc0aeb2f3bd95e5259"
        },
        {
          "url": "https://git.kernel.org/stable/c/7543c3e3b9b88212fcd0aaf5cab5588797bdc7de"
        }
      ],
      "title": "dma-debug: fix a possible deadlock on radix_lock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47143",
    "datePublished": "2025-01-11T12:25:13.561Z",
    "dateReserved": "2025-01-09T09:49:29.749Z",
    "dateUpdated": "2026-01-05T10:53:43.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56659 (GCVE-0-2024-56659)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:06 – Updated: 2025-11-03 20:52

Title

net: lapb: increase LAPB_HEADER_LEN

Summary

In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPB_HEADER_LEN It is unclear if net/lapb code is supposed to be ready for 8021q. We can at least avoid crashes like the following : skbuff: skb_under_panic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a400 data:ffff88802824a3fe tail:0x16 end:0x140 dev:nr0.2 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5508 Comm: dhcpcd Not tainted 6.12.0-rc7-syzkaller-00144-g66418447d27b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0d 8d 48 c7 c6 2e 9e 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 1a 6f 37 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc90002ddf638 EFLAGS: 00010282 RAX: 0000000000000086 RBX: dffffc0000000000 RCX: 7a24750e538ff600 RDX: 0000000000000000 RSI: 0000000000000201 RDI: 0000000000000000 RBP: ffff888034a86650 R08: ffffffff8174b13c R09: 1ffff920005bbe60 R10: dffffc0000000000 R11: fffff520005bbe61 R12: 0000000000000140 R13: ffff88802824a400 R14: ffff88802824a3fe R15: 0000000000000016 FS: 00007f2a5990d740(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c2631fd CR3: 0000000029504000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 nr_header+0x36/0x320 net/netrom/nr_dev.c:69 dev_hard_header include/linux/netdevice.h:3148 [inline] vlan_dev_hard_header+0x359/0x480 net/8021q/vlan_dev.c:83 dev_hard_header include/linux/netdevice.h:3148 [inline] lapbeth_data_transmit+0x1f6/0x2a0 drivers/net/wan/lapbether.c:257 lapb_data_transmit+0x91/0xb0 net/lapb/lapb_iface.c:447 lapb_transmit_buffer+0x168/0x1f0 net/lapb/lapb_out.c:149 lapb_establish_data_link+0x84/0xd0 lapb_device_event+0x4e0/0x670 notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93 __dev_notify_flags+0x207/0x400 dev_change_flags+0xf0/0x1a0 net/core/dev.c:8922 devinet_ioctl+0xa4e/0x1aa0 net/ipv4/devinet.c:1188 inet_ioctl+0x3d7/0x4f0 net/ipv4/af_inet.c:1003 sock_do_ioctl+0x158/0x460 net/socket.c:1227 sock_ioctl+0x626/0x8e0 net/socket.c:1346 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3aa2ef7ffd0451e8f…
	https://git.kernel.org/stable/c/76d856f03d0290cf5…
	https://git.kernel.org/stable/c/c21c7c1c00bcc60cf…
	https://git.kernel.org/stable/c/f0949199651bc87c5…
	https://git.kernel.org/stable/c/03e661b5e7aa1124f…
	https://git.kernel.org/stable/c/2b351355bbd50ae25…
	https://git.kernel.org/stable/c/a6d75ecee2bf828ac…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3aa2ef7ffd0451e8f81c249d2a2a68283c6bc700 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 76d856f03d0290cf5392364ecdf74c15ee16b8fd (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c21c7c1c00bcc60cf752ec491bdfd47693f4d3c7 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f0949199651bc87c5ed2c12a7323f441f1af6fe9 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 03e661b5e7aa1124f24054df9ab2ee5cb2178973 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2b351355bbd50ae25d096785b6eb31998d2bf765 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a6d75ecee2bf828ac6a1b52724aba0a977e4eaf4 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.288 , ≤ 5.4.* (semver)
Unaffected: 5.10.232 , ≤ 5.10.* (semver)
Unaffected: 5.15.175 , ≤ 5.15.* (semver)
Unaffected: 6.1.121 , ≤ 6.1.* (semver)
Unaffected: 6.6.67 , ≤ 6.6.* (semver)
Unaffected: 6.12.6 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:00:09.932215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:10.586Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:02.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/lapb.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3aa2ef7ffd0451e8f81c249d2a2a68283c6bc700",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "76d856f03d0290cf5392364ecdf74c15ee16b8fd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c21c7c1c00bcc60cf752ec491bdfd47693f4d3c7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f0949199651bc87c5ed2c12a7323f441f1af6fe9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "03e661b5e7aa1124f24054df9ab2ee5cb2178973",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2b351355bbd50ae25d096785b6eb31998d2bf765",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a6d75ecee2bf828ac6a1b52724aba0a977e4eaf4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/lapb.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.288",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.288",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.232",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.175",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.121",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.67",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.6",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lapb: increase LAPB_HEADER_LEN\n\nIt is unclear if net/lapb code is supposed to be ready for 8021q.\n\nWe can at least avoid crashes like the following :\n\nskbuff: skb_under_panic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a400 data:ffff88802824a3fe tail:0x16 end:0x140 dev:nr0.2\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 5508 Comm: dhcpcd Not tainted 6.12.0-rc7-syzkaller-00144-g66418447d27b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0d 8d 48 c7 c6 2e 9e 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 1a 6f 37 02 48 83 c4 20 90 \u003c0f\u003e 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc90002ddf638 EFLAGS: 00010282\nRAX: 0000000000000086 RBX: dffffc0000000000 RCX: 7a24750e538ff600\nRDX: 0000000000000000 RSI: 0000000000000201 RDI: 0000000000000000\nRBP: ffff888034a86650 R08: ffffffff8174b13c R09: 1ffff920005bbe60\nR10: dffffc0000000000 R11: fffff520005bbe61 R12: 0000000000000140\nR13: ffff88802824a400 R14: ffff88802824a3fe R15: 0000000000000016\nFS:  00007f2a5990d740(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000110c2631fd CR3: 0000000029504000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  skb_push+0xe5/0x100 net/core/skbuff.c:2636\n  nr_header+0x36/0x320 net/netrom/nr_dev.c:69\n  dev_hard_header include/linux/netdevice.h:3148 [inline]\n  vlan_dev_hard_header+0x359/0x480 net/8021q/vlan_dev.c:83\n  dev_hard_header include/linux/netdevice.h:3148 [inline]\n  lapbeth_data_transmit+0x1f6/0x2a0 drivers/net/wan/lapbether.c:257\n  lapb_data_transmit+0x91/0xb0 net/lapb/lapb_iface.c:447\n  lapb_transmit_buffer+0x168/0x1f0 net/lapb/lapb_out.c:149\n lapb_establish_data_link+0x84/0xd0\n lapb_device_event+0x4e0/0x670\n  notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n __dev_notify_flags+0x207/0x400\n  dev_change_flags+0xf0/0x1a0 net/core/dev.c:8922\n  devinet_ioctl+0xa4e/0x1aa0 net/ipv4/devinet.c:1188\n  inet_ioctl+0x3d7/0x4f0 net/ipv4/af_inet.c:1003\n  sock_do_ioctl+0x158/0x460 net/socket.c:1227\n  sock_ioctl+0x626/0x8e0 net/socket.c:1346\n  vfs_ioctl fs/ioctl.c:51 [inline]\n  __do_sys_ioctl fs/ioctl.c:907 [inline]\n  __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:01:22.043Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3aa2ef7ffd0451e8f81c249d2a2a68283c6bc700"
        },
        {
          "url": "https://git.kernel.org/stable/c/76d856f03d0290cf5392364ecdf74c15ee16b8fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/c21c7c1c00bcc60cf752ec491bdfd47693f4d3c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0949199651bc87c5ed2c12a7323f441f1af6fe9"
        },
        {
          "url": "https://git.kernel.org/stable/c/03e661b5e7aa1124f24054df9ab2ee5cb2178973"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b351355bbd50ae25d096785b6eb31998d2bf765"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6d75ecee2bf828ac6a1b52724aba0a977e4eaf4"
        }
      ],
      "title": "net: lapb: increase LAPB_HEADER_LEN",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56659",
    "datePublished": "2024-12-27T15:06:22.298Z",
    "dateReserved": "2024-12-27T15:00:39.841Z",
    "dateUpdated": "2025-11-03T20:52:02.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56679 (GCVE-0-2024-56679)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c

Summary

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/785c6758ea32aca73…
	https://git.kernel.org/stable/c/9265b6ee754226f61…
	https://git.kernel.org/stable/c/52c63a6a27d3178fa…
	https://git.kernel.org/stable/c/4b88b202cf1ae7915…
	https://git.kernel.org/stable/c/d4d5139d280f5837f…
	https://git.kernel.org/stable/c/0fbc7a5027c6f7f2c…

Impacted products

Vendor

Product

Version

Linux

Affected: ab58a416c93f134b72ec7e10d8d74509c3985243 , < 785c6758ea32aca73ba9331f7d902f7ce9a25757 (git)
Affected: ab58a416c93f134b72ec7e10d8d74509c3985243 , < 9265b6ee754226f61bd122ec57141a781d4e0dcb (git)
Affected: ab58a416c93f134b72ec7e10d8d74509c3985243 , < 52c63a6a27d3178fab533fcfb4baa2ed5b8608a3 (git)
Affected: ab58a416c93f134b72ec7e10d8d74509c3985243 , < 4b88b202cf1ae79159a94fff9500f9be31559235 (git)
Affected: ab58a416c93f134b72ec7e10d8d74509c3985243 , < d4d5139d280f5837f16d116614c05c2b4eeaf28f (git)
Affected: ab58a416c93f134b72ec7e10d8d74509c3985243 , < 0fbc7a5027c6f7f2c785adae3dcec22b2f2b69b3 (git)

Linux

Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:25.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "785c6758ea32aca73ba9331f7d902f7ce9a25757",
              "status": "affected",
              "version": "ab58a416c93f134b72ec7e10d8d74509c3985243",
              "versionType": "git"
            },
            {
              "lessThan": "9265b6ee754226f61bd122ec57141a781d4e0dcb",
              "status": "affected",
              "version": "ab58a416c93f134b72ec7e10d8d74509c3985243",
              "versionType": "git"
            },
            {
              "lessThan": "52c63a6a27d3178fab533fcfb4baa2ed5b8608a3",
              "status": "affected",
              "version": "ab58a416c93f134b72ec7e10d8d74509c3985243",
              "versionType": "git"
            },
            {
              "lessThan": "4b88b202cf1ae79159a94fff9500f9be31559235",
              "status": "affected",
              "version": "ab58a416c93f134b72ec7e10d8d74509c3985243",
              "versionType": "git"
            },
            {
              "lessThan": "d4d5139d280f5837f16d116614c05c2b4eeaf28f",
              "status": "affected",
              "version": "ab58a416c93f134b72ec7e10d8d74509c3985243",
              "versionType": "git"
            },
            {
              "lessThan": "0fbc7a5027c6f7f2c785adae3dcec22b2f2b69b3",
              "status": "affected",
              "version": "ab58a416c93f134b72ec7e10d8d74509c3985243",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:02:05.847Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/785c6758ea32aca73ba9331f7d902f7ce9a25757"
        },
        {
          "url": "https://git.kernel.org/stable/c/9265b6ee754226f61bd122ec57141a781d4e0dcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/52c63a6a27d3178fab533fcfb4baa2ed5b8608a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b88b202cf1ae79159a94fff9500f9be31559235"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4d5139d280f5837f16d116614c05c2b4eeaf28f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fbc7a5027c6f7f2c785adae3dcec22b2f2b69b3"
        }
      ],
      "title": "octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56679",
    "datePublished": "2024-12-28T09:46:08.124Z",
    "dateReserved": "2024-12-27T15:00:39.846Z",
    "dateUpdated": "2025-11-03T20:52:25.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56690 (GCVE-0-2024-56690)

Vulnerability from cvelistv5 – Published: 2024-12-28 09:46 – Updated: 2025-11-03 20:52

Title

crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. Fix this issue by calling crypto layer directly without parallelization in that case.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c…
	https://git.kernel.org/stable/c/fca8aed12218f96b3…
	https://git.kernel.org/stable/c/a92ccd3618e42333a…
	https://git.kernel.org/stable/c/96001f52ae8c70e2c…
	https://git.kernel.org/stable/c/92834692a539b5b7f…
	https://git.kernel.org/stable/c/5edae7a9a35606017…
	https://git.kernel.org/stable/c/a8e0074ffb38c9a59…
	https://git.kernel.org/stable/c/7ddab756f2de5b7b4…
	https://git.kernel.org/stable/c/662f2f13e66d3883b…

Impacted products

Vendor

Product

Version

Linux

Affected: 039fec48e062504f14845124a1a25eb199b2ddc0 , < dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6 (git)
Affected: c9c1334697301c10e6918d747ed38abfbc0c96e7 , < fca8aed12218f96b38e374ff264d78ea1fbd23cc (git)
Affected: e97bf4ada7dddacd184c3e196bd063b0dc71b41d , < a92ccd3618e42333ac6f150ecdac14dca298bc7a (git)
Affected: 546c1796ad1ed0d87dab3c4b5156d75819be2316 , < 96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca (git)
Affected: c55fc098fd9d2dca475b82d00ffbcaf97879d77e , < 92834692a539b5b7f409e467a14667d64713b732 (git)
Affected: 372636debe852913529b1716f44addd94fff2d28 , < 5edae7a9a35606017ee6e05911c290acee9fee5a (git)
Affected: 8f4f68e788c3a7a696546291258bfa5fdb215523 , < a8e0074ffb38c9a5964a221bb998034d016c93a2 (git)
Affected: 8f4f68e788c3a7a696546291258bfa5fdb215523 , < 7ddab756f2de5b7b43c122ebebdf37f400fb2b6f (git)
Affected: 8f4f68e788c3a7a696546291258bfa5fdb215523 , < 662f2f13e66d3883b9238b0b96b17886179e60e2 (git)
Affected: fb2d3a50a8f29a3c66682bb426144f40e32ab818 (git)
Affected: e134f3aba98e6c801a693f540912c2d493718ddf (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:52:36.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/pcrypt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6",
              "status": "affected",
              "version": "039fec48e062504f14845124a1a25eb199b2ddc0",
              "versionType": "git"
            },
            {
              "lessThan": "fca8aed12218f96b38e374ff264d78ea1fbd23cc",
              "status": "affected",
              "version": "c9c1334697301c10e6918d747ed38abfbc0c96e7",
              "versionType": "git"
            },
            {
              "lessThan": "a92ccd3618e42333ac6f150ecdac14dca298bc7a",
              "status": "affected",
              "version": "e97bf4ada7dddacd184c3e196bd063b0dc71b41d",
              "versionType": "git"
            },
            {
              "lessThan": "96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca",
              "status": "affected",
              "version": "546c1796ad1ed0d87dab3c4b5156d75819be2316",
              "versionType": "git"
            },
            {
              "lessThan": "92834692a539b5b7f409e467a14667d64713b732",
              "status": "affected",
              "version": "c55fc098fd9d2dca475b82d00ffbcaf97879d77e",
              "versionType": "git"
            },
            {
              "lessThan": "5edae7a9a35606017ee6e05911c290acee9fee5a",
              "status": "affected",
              "version": "372636debe852913529b1716f44addd94fff2d28",
              "versionType": "git"
            },
            {
              "lessThan": "a8e0074ffb38c9a5964a221bb998034d016c93a2",
              "status": "affected",
              "version": "8f4f68e788c3a7a696546291258bfa5fdb215523",
              "versionType": "git"
            },
            {
              "lessThan": "7ddab756f2de5b7b43c122ebebdf37f400fb2b6f",
              "status": "affected",
              "version": "8f4f68e788c3a7a696546291258bfa5fdb215523",
              "versionType": "git"
            },
            {
              "lessThan": "662f2f13e66d3883b9238b0b96b17886179e60e2",
              "status": "affected",
              "version": "8f4f68e788c3a7a696546291258bfa5fdb215523",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fb2d3a50a8f29a3c66682bb426144f40e32ab818",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e134f3aba98e6c801a693f540912c2d493718ddf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/pcrypt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "4.19.300",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.4.262",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.10.202",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.15.140",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "6.1.64",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "6.6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.331",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY\n\nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for\nPADATA_RESET\"), the pcrypt encryption and decryption operations return\n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is\ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns\n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.\nFix this issue by calling crypto layer directly without parallelization\nin that case."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:14.803Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732"
        },
        {
          "url": "https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2"
        }
      ],
      "title": "crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56690",
    "datePublished": "2024-12-28T09:46:16.246Z",
    "dateReserved": "2024-12-27T15:00:39.848Z",
    "dateUpdated": "2025-11-03T20:52:36.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21636 (GCVE-0-2025-21636)

Vulnerability from cvelistv5 – Published: 2025-01-19 10:17 – Updated: 2025-11-03 20:58

Title

sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy

Summary

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.probe_interval' is used.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1dc5da6c4178f3e4b…
	https://git.kernel.org/stable/c/44ee8635922b6eb94…
	https://git.kernel.org/stable/c/284a221f8fa503628…
	https://git.kernel.org/stable/c/bcf8c60074e81ed2a…
	https://git.kernel.org/stable/c/6259d2484d0ceff42…

Impacted products

Vendor

Product

Version

Linux

Affected: d1e462a7a5f359cbb9a0e8fbfafcfb6657034105 , < 1dc5da6c4178f3e4b95c631418f72de9f86c0449 (git)
Affected: d1e462a7a5f359cbb9a0e8fbfafcfb6657034105 , < 44ee8635922b6eb940faddb961a8347c6857d722 (git)
Affected: d1e462a7a5f359cbb9a0e8fbfafcfb6657034105 , < 284a221f8fa503628432c7bb5108277c688c6ffa (git)
Affected: d1e462a7a5f359cbb9a0e8fbfafcfb6657034105 , < bcf8c60074e81ed2ac2d35130917175a3949c917 (git)
Affected: d1e462a7a5f359cbb9a0e8fbfafcfb6657034105 , < 6259d2484d0ceff42245d1f09cc8cb6ee72d847a (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.177 , ≤ 5.15.* (semver)
Unaffected: 6.1.125 , ≤ 6.1.* (semver)
Unaffected: 6.6.72 , ≤ 6.6.* (semver)
Unaffected: 6.12.10 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:54:13.852333Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:17.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:58:13.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sysctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1dc5da6c4178f3e4b95c631418f72de9f86c0449",
              "status": "affected",
              "version": "d1e462a7a5f359cbb9a0e8fbfafcfb6657034105",
              "versionType": "git"
            },
            {
              "lessThan": "44ee8635922b6eb940faddb961a8347c6857d722",
              "status": "affected",
              "version": "d1e462a7a5f359cbb9a0e8fbfafcfb6657034105",
              "versionType": "git"
            },
            {
              "lessThan": "284a221f8fa503628432c7bb5108277c688c6ffa",
              "status": "affected",
              "version": "d1e462a7a5f359cbb9a0e8fbfafcfb6657034105",
              "versionType": "git"
            },
            {
              "lessThan": "bcf8c60074e81ed2ac2d35130917175a3949c917",
              "status": "affected",
              "version": "d1e462a7a5f359cbb9a0e8fbfafcfb6657034105",
              "versionType": "git"
            },
            {
              "lessThan": "6259d2484d0ceff42245d1f09cc8cb6ee72d847a",
              "status": "affected",
              "version": "d1e462a7a5f359cbb9a0e8fbfafcfb6657034105",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sysctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.177",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.125",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.72",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n  from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:17:57.588Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1dc5da6c4178f3e4b95c631418f72de9f86c0449"
        },
        {
          "url": "https://git.kernel.org/stable/c/44ee8635922b6eb940faddb961a8347c6857d722"
        },
        {
          "url": "https://git.kernel.org/stable/c/284a221f8fa503628432c7bb5108277c688c6ffa"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcf8c60074e81ed2ac2d35130917175a3949c917"
        },
        {
          "url": "https://git.kernel.org/stable/c/6259d2484d0ceff42245d1f09cc8cb6ee72d847a"
        }
      ],
      "title": "sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21636",
    "datePublished": "2025-01-19T10:17:54.576Z",
    "dateReserved": "2024-12-29T08:45:45.726Z",
    "dateUpdated": "2025-11-03T20:58:13.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56637 (GCVE-0-2024-56637)

Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2025-11-03 20:51

Title

netfilter: ipset: Hold module reference while requesting a module

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e5e2d3024753fdaca…
	https://git.kernel.org/stable/c/6099b5d3e37145484…
	https://git.kernel.org/stable/c/0e67805e805c1f3ed…
	https://git.kernel.org/stable/c/5bae60a933ba5d16e…
	https://git.kernel.org/stable/c/90bf312a6b6b3d601…
	https://git.kernel.org/stable/c/ba5e070f36682d07c…
	https://git.kernel.org/stable/c/456f010bfaefde84d…

Impacted products

Vendor

Product

Version

Linux

Affected: a7b4f989a629493bb4ec4a354def784d440b32c4 , < e5e2d3024753fdaca818b822e3827614bacbdccf (git)
Affected: a7b4f989a629493bb4ec4a354def784d440b32c4 , < 6099b5d3e37145484fac4b8b4070c3f1abfb3519 (git)
Affected: a7b4f989a629493bb4ec4a354def784d440b32c4 , < 0e67805e805c1f3edd6f43adbe08ea14b552694b (git)
Affected: a7b4f989a629493bb4ec4a354def784d440b32c4 , < 5bae60a933ba5d16eed55c6b279be51bcbbc79b0 (git)
Affected: a7b4f989a629493bb4ec4a354def784d440b32c4 , < 90bf312a6b6b3d6012137f6776a4052ee85e0340 (git)
Affected: a7b4f989a629493bb4ec4a354def784d440b32c4 , < ba5e070f36682d07ca7ad2a953e6c9d96be19dca (git)
Affected: a7b4f989a629493bb4ec4a354def784d440b32c4 , < 456f010bfaefde84d3390c755eedb1b0a5857c3c (git)

Linux

Affected: 2.6.39
Unaffected: 0 , < 2.6.39 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:51:38.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipset/ip_set_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e5e2d3024753fdaca818b822e3827614bacbdccf",
              "status": "affected",
              "version": "a7b4f989a629493bb4ec4a354def784d440b32c4",
              "versionType": "git"
            },
            {
              "lessThan": "6099b5d3e37145484fac4b8b4070c3f1abfb3519",
              "status": "affected",
              "version": "a7b4f989a629493bb4ec4a354def784d440b32c4",
              "versionType": "git"
            },
            {
              "lessThan": "0e67805e805c1f3edd6f43adbe08ea14b552694b",
              "status": "affected",
              "version": "a7b4f989a629493bb4ec4a354def784d440b32c4",
              "versionType": "git"
            },
            {
              "lessThan": "5bae60a933ba5d16eed55c6b279be51bcbbc79b0",
              "status": "affected",
              "version": "a7b4f989a629493bb4ec4a354def784d440b32c4",
              "versionType": "git"
            },
            {
              "lessThan": "90bf312a6b6b3d6012137f6776a4052ee85e0340",
              "status": "affected",
              "version": "a7b4f989a629493bb4ec4a354def784d440b32c4",
              "versionType": "git"
            },
            {
              "lessThan": "ba5e070f36682d07ca7ad2a953e6c9d96be19dca",
              "status": "affected",
              "version": "a7b4f989a629493bb4ec4a354def784d440b32c4",
              "versionType": "git"
            },
            {
              "lessThan": "456f010bfaefde84d3390c755eedb1b0a5857c3c",
              "status": "affected",
              "version": "a7b4f989a629493bb4ec4a354def784d440b32c4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipset/ip_set_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: Hold module reference while requesting a module\n\nUser space may unload ip_set.ko while it is itself requesting a set type\nbackend module, leading to a kernel crash. The race condition may be\nprovoked by inserting an mdelay() right after the nfnl_unlock() call."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:00:42.586Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e5e2d3024753fdaca818b822e3827614bacbdccf"
        },
        {
          "url": "https://git.kernel.org/stable/c/6099b5d3e37145484fac4b8b4070c3f1abfb3519"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e67805e805c1f3edd6f43adbe08ea14b552694b"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bae60a933ba5d16eed55c6b279be51bcbbc79b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/90bf312a6b6b3d6012137f6776a4052ee85e0340"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba5e070f36682d07ca7ad2a953e6c9d96be19dca"
        },
        {
          "url": "https://git.kernel.org/stable/c/456f010bfaefde84d3390c755eedb1b0a5857c3c"
        }
      ],
      "title": "netfilter: ipset: Hold module reference while requesting a module",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56637",
    "datePublished": "2024-12-27T15:02:39.876Z",
    "dateReserved": "2024-12-27T15:00:39.839Z",
    "dateUpdated": "2025-11-03T20:51:38.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53131 (GCVE-0-2024-53131)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:20 – Updated: 2025-11-03 22:29

Title

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/085556bf8c70e2629…
	https://git.kernel.org/stable/c/6438f3f42cda825f6…
	https://git.kernel.org/stable/c/b017697a517f8779a…
	https://git.kernel.org/stable/c/19c71cdd77973f99a…
	https://git.kernel.org/stable/c/3b2a4fd9bbee77afd…
	https://git.kernel.org/stable/c/59b49ca67cca7b007…
	https://git.kernel.org/stable/c/77e47f89d32c2d72e…
	https://git.kernel.org/stable/c/cd45e963e44b0f10d…

Impacted products

Vendor

Product

Version

Linux

Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 085556bf8c70e2629e02e79268dac3016a08b8bf (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < b017697a517f8779ada4e8ce1c2c75dbf60a2636 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 19c71cdd77973f99a9adc3190130bc3aa7ae5423 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 59b49ca67cca7b007a5afd3de0283c8008157665 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < 77e47f89d32c2d72eb33d0becbce7abe14d061f4 (git)
Affected: 5305cb830834549b9203ad4d009ad5483c5e293f , < cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471 (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:36.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "085556bf8c70e2629e02e79268dac3016a08b8bf",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "b017697a517f8779ada4e8ce1c2c75dbf60a2636",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "19c71cdd77973f99a9adc3190130bc3aa7ae5423",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "59b49ca67cca7b007a5afd3de0283c8008157665",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "77e47f89d32c2d72eb33d0becbce7abe14d061f4",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            },
            {
              "lessThan": "cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471",
              "status": "affected",
              "version": "5305cb830834549b9203ad4d009ad5483c5e293f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/page.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_touch_buffer tracepoint\n\nPatch series \"nilfs2: fix null-ptr-deref bugs on block tracepoints\".\n\nThis series fixes null pointer dereference bugs that occur when using\nnilfs2 and two block-related tracepoints.\n\n\nThis patch (of 2):\n\nIt has been reported that when using \"block:block_touch_buffer\"\ntracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a\nNULL pointer dereference, or a general protection fault when KASAN is\nenabled.\n\nThis happens because since the tracepoint was added in touch_buffer(), it\nreferences the dev_t member bh-\u003eb_bdev-\u003ebd_dev regardless of whether the\nbuffer head has a pointer to a block_device structure.  In the current\nimplementation, the block_device structure is set after the function\nreturns to the caller.\n\nHere, touch_buffer() is used to mark the folio/page that owns the buffer\nhead as accessed, but the common search helper for folio/page used by the\ncaller function was optimized to mark the folio/page as accessed when it\nwas reimplemented a long time ago, eliminating the need to call\ntouch_buffer() here in the first place.\n\nSo this solves the issue by eliminating the touch_buffer() call itself."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:49.029Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b017697a517f8779ada4e8ce1c2c75dbf60a2636"
        },
        {
          "url": "https://git.kernel.org/stable/c/19c71cdd77973f99a9adc3190130bc3aa7ae5423"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/59b49ca67cca7b007a5afd3de0283c8008157665"
        },
        {
          "url": "https://git.kernel.org/stable/c/77e47f89d32c2d72eb33d0becbce7abe14d061f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471"
        }
      ],
      "title": "nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53131",
    "datePublished": "2024-12-04T14:20:37.455Z",
    "dateReserved": "2024-11-19T17:17:24.995Z",
    "dateUpdated": "2025-11-03T22:29:36.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21678 (GCVE-0-2025-21678)

Vulnerability from cvelistv5 – Published: 2025-01-31 11:25 – Updated: 2025-11-03 20:58

Title

gtp: Destroy device along with udp socket's netns dismantle.

Summary

In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtp_newlink() links the device to a list in dev_net(dev) instead of src_net, where a udp tunnel socket is created. Even when src_net is removed, the device stays alive on dev_net(dev). Then, removing src_net triggers the splat below. [0] In this example, gtp0 is created in ns2, and the udp socket is created in ns1. ip netns add ns1 ip netns add ns2 ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn ip netns del ns1 Let's link the device to the socket's netns instead. Now, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove all gtp devices in the netns. [0]: ref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236) inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252) __sock_create (net/socket.c:1558) udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18) gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423) gtp_create_sockets (drivers/net/gtp.c:1447) gtp_newlink (drivers/net/gtp.c:1507) rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012) rtnetlink_rcv_msg (net/core/rtnetlink.c:6922) netlink_rcv_skb (net/netlink/af_netlink.c:2542) netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347) netlink_sendmsg (net/netlink/af_netlink.c:1891) ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583) ___sys_sendmsg (net/socket.c:2639) __sys_sendmsg (net/socket.c:2669) do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) WARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179) Modules linked in: CPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 Workqueue: netns cleanup_net RIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179) Code: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 <0f> 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89 RSP: 0018:ff11000009a07b60 EFLAGS: 00010286 RAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c RBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae R10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0 R13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __warn (kernel/panic.c:748) ? ref_tracker_dir_exit (lib/ref_tracker.c:179) ? report_bug (lib/bug.c:201 lib/bug.c:219) ? handle_bug (arch/x86/kernel/traps.c:285) ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) ? ref_tracker_dir_exit (lib/ref_tracker.c:179) ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158) ? kfree (mm/slub.c:4613 mm/slub.c:4761) net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467) cleanup_net (net/core/net_namespace.c:664 (discriminator 3)) process_one_work (kernel/workqueue.c:3229) worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c986380c1d5274c4d…
	https://git.kernel.org/stable/c/5f1678346109ff3a6…
	https://git.kernel.org/stable/c/036f8d814a2cd11ee…
	https://git.kernel.org/stable/c/efec287cbac92ac6e…
	https://git.kernel.org/stable/c/bb11f992f5a475bc6…
	https://git.kernel.org/stable/c/86f73d4ab2f27deef…
	https://git.kernel.org/stable/c/eb28fd76c0a08a47b…

Impacted products

	Vendor	Product	Version
	Linux	Linux	Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < c986380c1d5274c4d5e935addc807d6791cc23eb (git) Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 5f1678346109ff3a6d229d33437fcba3cce9209d

CERTFR-2025-AVI-0308

Solutions

Action not permitted

CERTFR-2025-AVI-0308

Solutions

CVE-2024-53129 (GCVE-0-2024-53129)

CVE-2024-53130 (GCVE-0-2024-53130)

CVE-2024-53194 (GCVE-0-2024-53194)

CVE-2024-56610 (GCVE-0-2024-56610)

CVE-2024-57908 (GCVE-0-2024-57908)

CVE-2025-21692 (GCVE-0-2025-21692)

CVE-2024-56626 (GCVE-0-2024-56626)

CVE-2024-56698 (GCVE-0-2024-56698)

CVE-2024-53063 (GCVE-0-2024-53063)

CVE-2024-49952 (GCVE-0-2024-49952)

CVE-2024-56589 (GCVE-0-2024-56589)

CVE-2024-57841 (GCVE-0-2024-57841)

CVE-2025-21648 (GCVE-0-2025-21648)

CVE-2024-46784 (GCVE-0-2024-46784)

CVE-2024-53181 (GCVE-0-2024-53181)

CVE-2024-53145 (GCVE-0-2024-53145)

CVE-2024-56586 (GCVE-0-2024-56586)

CVE-2024-56763 (GCVE-0-2024-56763)

CVE-2024-55916 (GCVE-0-2024-55916)

CVE-2024-57892 (GCVE-0-2024-57892)

CVE-2024-56619 (GCVE-0-2024-56619)

CVE-2024-44938 (GCVE-0-2024-44938)

CVE-2024-53206 (GCVE-0-2024-53206)

CVE-2024-56708 (GCVE-0-2024-56708)

CVE-2024-56572 (GCVE-0-2024-56572)

CVE-2024-56720 (GCVE-0-2024-56720)

CVE-2024-57850 (GCVE-0-2024-57850)

CVE-2024-56776 (GCVE-0-2024-56776)

CVE-2021-47483 (GCVE-0-2021-47483)

CVE-2024-49925 (GCVE-0-2024-49925)

CVE-2024-53217 (GCVE-0-2024-53217)

CVE-2025-21702 (GCVE-0-2025-21702)

CVE-2024-56568 (GCVE-0-2024-56568)

CVE-2024-36899 (GCVE-0-2024-36899)

CVE-2024-47408 (GCVE-0-2024-47408)

CVE-2024-53184 (GCVE-0-2024-53184)

CVE-2024-57890 (GCVE-0-2024-57890)

CVE-2024-35973 (GCVE-0-2024-35973)

CVE-2024-56670 (GCVE-0-2024-56670)

CVE-2024-56777 (GCVE-0-2024-56777)

CVE-2024-56640 (GCVE-0-2024-56640)

CVE-2024-52332 (GCVE-0-2024-52332)

CVE-2024-56595 (GCVE-0-2024-56595)

CVE-2025-21687 (GCVE-0-2025-21687)

CVE-2024-53156 (GCVE-0-2024-53156)

CVE-2024-56558 (GCVE-0-2024-56558)

CVE-2024-56746 (GCVE-0-2024-56746)

CVE-2024-56724 (GCVE-0-2024-56724)

CVE-2025-21665 (GCVE-0-2025-21665)

CVE-2024-57900 (GCVE-0-2024-57900)

CVE-2025-21699 (GCVE-0-2025-21699)

CVE-2024-56694 (GCVE-0-2024-56694)

CVE-2024-56622 (GCVE-0-2024-56622)

CVE-2024-36476 (GCVE-0-2024-36476)

CVE-2024-50304 (GCVE-0-2024-50304)

CVE-2024-53158 (GCVE-0-2024-53158)

CVE-2024-56602 (GCVE-0-2024-56602)

CVE-2024-53135 (GCVE-0-2024-53135)

CVE-2024-53155 (GCVE-0-2024-53155)

CVE-2024-56578 (GCVE-0-2024-56578)

CVE-2024-50051 (GCVE-0-2024-50051)

CVE-2024-56767 (GCVE-0-2024-56767)

CVE-2025-21697 (GCVE-0-2025-21697)

CVE-2024-53122 (GCVE-0-2024-53122)

CVE-2024-53124 (GCVE-0-2024-53124)

CVE-2024-57931 (GCVE-0-2024-57931)

CVE-2024-53172 (GCVE-0-2024-53172)

CVE-2024-49571 (GCVE-0-2024-49571)

CVE-2024-53112 (GCVE-0-2024-53112)

CVE-2024-56532 (GCVE-0-2024-56532)

CVE-2024-57904 (GCVE-0-2024-57904)

CVE-2025-21683 (GCVE-0-2025-21683)

CVE-2024-56778 (GCVE-0-2024-56778)

CVE-2024-53173 (GCVE-0-2024-53173)

CVE-2025-21666 (GCVE-0-2025-21666)

CVE-2024-56548 (GCVE-0-2024-56548)

CVE-2021-47119 (GCVE-0-2021-47119)