cvelistv5 - cve-2024-39461

CVE-2024-39461 (GCVE-0-2024-39461)

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2025-05-04 09:16

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer about the number of elements in hws, so that it can warn when hws is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero. This occurs in raspberrypi_discover_clocks() due to ->num being assigned after ->hws has been accessed: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4 index 3 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]') Move the ->num initialization to before the first access of ->hws, which clears up the warning.

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920	Patch

Impacted products

Vendor

Product

Version

▼

Linux

Version: f316cdff8d677db9ad9c90acb44c4cd535b0ee27
Version: f316cdff8d677db9ad9c90acb44c4cd535b0ee27
Version: f316cdff8d677db9ad9c90acb44c4cd535b0ee27

Linux

Version: 6.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:14.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:08.266580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/bcm/clk-raspberrypi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9562dbe5cdbb16ac887d27ef6f179980bb99193c",
              "status": "affected",
              "version": "f316cdff8d677db9ad9c90acb44c4cd535b0ee27",
              "versionType": "git"
            },
            {
              "lessThan": "cdf9c7871d58d3df59d2775982e3533adb8ec920",
              "status": "affected",
              "version": "f316cdff8d677db9ad9c90acb44c4cd535b0ee27",
              "versionType": "git"
            },
            {
              "lessThan": "6dc445c1905096b2ed4db1a84570375b4e00cc0f",
              "status": "affected",
              "version": "f316cdff8d677db9ad9c90acb44c4cd535b0ee27",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/bcm/clk-raspberrypi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to -\u003enum being assigned after -\u003ehws\nhas been accessed:\n\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n  index 3 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:18.680Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c"
        },
        {
          "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920"
        },
        {
          "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f"
        }
      ],
      "title": "clk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39461",
    "datePublished": "2024-06-25T14:25:01.453Z",
    "dateReserved": "2024-06-25T14:23:23.743Z",
    "dateUpdated": "2025-05-04T09:16:18.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39461\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-25T15:15:14.500\",\"lastModified\":\"2024-11-21T09:27:42.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nclk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\\n\\nCommit f316cdff8d67 (\\\"clk: Annotate struct clk_hw_onecell_data with\\n__counted_by\\\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\\nwith __counted_by, which informs the bounds sanitizer about the number\\nof elements in hws, so that it can warn when hws is accessed out of\\nbounds. As noted in that change, the __counted_by member must be\\ninitialized with the number of elements before the first array access\\nhappens, otherwise there will be a warning from each access prior to the\\ninitialization because the number of elements is zero. This occurs in\\nraspberrypi_discover_clocks() due to -\u003enum being assigned after -\u003ehws\\nhas been accessed:\\n\\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\\n  index 3 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\\n\\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\\nclears up the warning.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: bcm: rpi: Assign -\u0026gt;num before accessing -\u0026gt;hws Commit f316cdff8d67 (\\\"clk: Annotate struct clk_hw_onecell_data with __counted_by\\\") anot\u00f3 el miembro hws de \u0027struct clk_hw_onecell_data\u0027 con __counted_by, que informa al sanitizante de los l\u00edmites sobre la cantidad de elementos en hws, para que pueda advertir cuando se accede a hws fuera de los l\u00edmites. Como se se\u00f1al\u00f3 en ese cambio, el miembro __counted_by debe inicializarse con la cantidad de elementos antes de que ocurra el primer acceso a la matriz; de lo contrario, habr\u00e1 una advertencia de cada acceso antes de la inicializaci\u00f3n porque la cantidad de elementos es cero. Esto ocurre en raspberrypi_discover_clocks() debido a que -\u0026gt;num se asigna despu\u00e9s de que se haya accedido a -\u0026gt;hws: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4 index 3 est\u00e1 fuera del rango para el tipo \u0027struct clk_hw *[] __counted_by(num)\u0027 (tambi\u00e9n conocido como \u0027struct clk_hw *[]\u0027) Mueva la inicializaci\u00f3n -\u0026gt;num antes del primer acceso de -\u0026gt;hws, lo que borra la advertencia.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6\",\"versionEndExcluding\":\"6.6.34\",\"matchCriteriaId\":\"AC0C6E24-8240-425A-BD1A-F78E6D3A67FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.9.5\",\"matchCriteriaId\":\"8366481F-770F-4850-9D0F-2977BD97D5C5\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:26:14.267Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39461\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:08:08.266580Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:25.295Z\"}}], \"cna\": {\"title\": \"clk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"f316cdff8d677db9ad9c90acb44c4cd535b0ee27\", \"lessThan\": \"9562dbe5cdbb16ac887d27ef6f179980bb99193c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f316cdff8d677db9ad9c90acb44c4cd535b0ee27\", \"lessThan\": \"cdf9c7871d58d3df59d2775982e3533adb8ec920\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f316cdff8d677db9ad9c90acb44c4cd535b0ee27\", \"lessThan\": \"6dc445c1905096b2ed4db1a84570375b4e00cc0f\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/clk/bcm/clk-raspberrypi.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.6\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.6\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.6.34\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/clk/bcm/clk-raspberrypi.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c\"}, {\"url\": \"https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920\"}, {\"url\": \"https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nclk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\\n\\nCommit f316cdff8d67 (\\\"clk: Annotate struct clk_hw_onecell_data with\\n__counted_by\\\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\\nwith __counted_by, which informs the bounds sanitizer about the number\\nof elements in hws, so that it can warn when hws is accessed out of\\nbounds. As noted in that change, the __counted_by member must be\\ninitialized with the number of elements before the first array access\\nhappens, otherwise there will be a warning from each access prior to the\\ninitialization because the number of elements is zero. This occurs in\\nraspberrypi_discover_clocks() due to -\u003enum being assigned after -\u003ehws\\nhas been accessed:\\n\\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\\n  index 3 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\\n\\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\\nclears up the warning.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T09:06:36.183Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-39461\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T09:06:36.183Z\", \"dateReserved\": \"2024-06-25T14:23:23.743Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-06-25T14:25:01.453Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2024-1451

Vulnerability from csaf_certbund

Published

2024-06-25 22:00

Modified

2025-08-27 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1451 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1451.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1451 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1451"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39468-11d2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39469-a1be@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39470-5b25@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062501-CVE-2024-39471-3dee@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062506-CVE-2021-4440-f8f1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062512-CVE-2024-39461-cdbc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39462-f5ec@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39463-42c8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39464-6214@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39465-f827@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39466-3da4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39467-b07d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062546-CVE-2022-48772-8cbe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37078-3aaa@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37354-ccfb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-38306-c570@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38385-4b3a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38661-44a9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39276-5205@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39296-3976@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39298-53e8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39301-6610@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39362-2d27@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39371-42fb@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5730 vom 2024-07-16",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00141.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2493-1 vom 2024-07-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018984.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5731 vom 2024-07-17",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00142.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2802-1 vom 2024-08-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5101 vom 2024-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:5101"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5102 vom 2024-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:5102"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-1 vom 2024-08-09",
        "url": "https://ubuntu.com/security/notices/USN-6951-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6953-1 vom 2024-08-09",
        "url": "https://ubuntu.com/security/notices/USN-6953-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-5101 vom 2024-08-09",
        "url": "https://linux.oracle.com/errata/ELSA-2024-5101.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12581 vom 2024-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12581.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12584 vom 2024-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12584.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12585 vom 2024-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12585.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2894-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019182.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2902-1 vom 2024-08-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019193.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-2 vom 2024-08-14",
        "url": "https://ubuntu.com/security/notices/USN-6951-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2901-1 vom 2024-08-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019194.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2929-1 vom 2024-08-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019209.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2939-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019211.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2947-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019220.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-3 vom 2024-08-19",
        "url": "https://ubuntu.com/security/notices/USN-6951-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2973-1 vom 2024-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019280.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:5101 vom 2024-08-21",
        "url": "https://errata.build.resf.org/RLSA-2024:5101"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-4 vom 2024-08-21",
        "url": "https://ubuntu.com/security/notices/USN-6951-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6979-1 vom 2024-08-22",
        "url": "https://ubuntu.com/security/notices/USN-6979-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3189-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019404.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12618 vom 2024-09-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12618.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12611 vom 2024-09-11",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12611.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6999-1 vom 2024-09-11",
        "url": "https://ubuntu.com/security/notices/USN-6999-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12610 vom 2024-09-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12610.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12612 vom 2024-09-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12612.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7003-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-2 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7003-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7006-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7006-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7005-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7005-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7004-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7004-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-3 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7003-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7007-1 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7007-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7008-1 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7008-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7005-2 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7005-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7009-1 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7009-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3251-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019435.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3252-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019436.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7007-2 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-7007-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6999-2 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-6999-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7007-3 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-7007-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7029-1 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-7029-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7001 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:7001"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7000 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:7000"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7009-2 vom 2024-09-25",
        "url": "https://ubuntu.com/security/notices/USN-7009-2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-7000 vom 2024-09-26",
        "url": "https://linux.oracle.com/errata/ELSA-2024-7000.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-4 vom 2024-09-26",
        "url": "https://ubuntu.com/security/notices/USN-7003-4"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:7001 vom 2024-09-30",
        "url": "https://errata.build.resf.org/RLSA-2024:7001"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-5 vom 2024-10-01",
        "url": "https://ubuntu.com/security/notices/USN-7003-5"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
        "url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12779 vom 2024-10-14",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12779.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:8318"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin",
        "url": "https://www.ibm.com/support/pages/node/7174634"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:9315 vom 2024-11-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:9315"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7166-1 vom 2024-12-17",
        "url": "https://ubuntu.com/security/notices/USN-7166-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12887 vom 2024-12-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12887.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7166-3 vom 2024-12-20",
        "url": "https://ubuntu.com/security/notices/USN-7166-3"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4008 vom 2025-01-03",
        "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7186-1 vom 2025-01-06",
        "url": "https://ubuntu.com/security/notices/USN-7186-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7184-1 vom 2025-01-06",
        "url": "https://ubuntu.com/security/notices/USN-7184-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7183-1 vom 2025-01-06",
        "url": "https://ubuntu.com/security/notices/USN-7183-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7186-2 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7186-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7185-2 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7185-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7194-1 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7194-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-9315 vom 2025-01-13",
        "url": "https://oss.oracle.com/pipermail/el-errata/2025-January/017000.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7233-2 vom 2025-01-30",
        "url": "https://ubuntu.com/security/notices/USN-7233-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7233-3 vom 2025-02-03",
        "url": "https://ubuntu.com/security/notices/USN-7233-3"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2270 vom 2025-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:2270"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1912 vom 2025-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:1912"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7342-1 vom 2025-03-11",
        "url": "https://ubuntu.com/security/notices/USN-7342-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7344-1 vom 2025-03-11",
        "url": "https://ubuntu.com/security/notices/USN-7344-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7344-2 vom 2025-03-13",
        "url": "https://ubuntu.com/security/notices/USN-7344-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20008-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021403.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20028-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021386.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10701 vom 2025-07-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:10701"
      },
      {
        "category": "external",
        "summary": "Security Update for Dell PowerProtect Data Domain",
        "url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02997-1 vom 2025-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022283.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-27T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-28T06:01:20.214+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-1451",
      "initial_release_date": "2024-06-25T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-22T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-07T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-08-08T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-11T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-14T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-15T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-18T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-19T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-21T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation und Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-22T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-11T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-12T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-15T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-16T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-22T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
        },
        {
          "date": "2024-09-24T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-25T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-09-30T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-10-01T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-10-14T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-10-23T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-31T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-17T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-22T23:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-02T23:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-01-06T23:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-01-30T23:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-02-03T23:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-03-04T23:00:00.000+00:00",
          "number": "45",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "46",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-03-12T23:00:00.000+00:00",
          "number": "47",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "48",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-07-09T22:00:00.000+00:00",
          "number": "49",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "50",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-08-27T22:00:00.000+00:00",
          "number": "51",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "51"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain",
            "product": {
              "name": "Dell PowerProtect Data Domain",
              "product_id": "T045852",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:powerprotect_data_domain:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain Management Center",
            "product": {
              "name": "Dell PowerProtect Data Domain Management Center",
              "product_id": "T045853",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:powerprotect_data_domain_management_center:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain OS",
            "product": {
              "name": "Dell PowerProtect Data Domain OS",
              "product_id": "T045854",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:powerprotect_data_domain_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP10 IF01",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
                  "product_id": "T038741"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP10 IF01",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
                  "product_id": "T038741-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T035642",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-4440",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2021-4440"
    },
    {
      "cve": "CVE-2022-48772",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2022-48772"
    },
    {
      "cve": "CVE-2024-37078",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-37078"
    },
    {
      "cve": "CVE-2024-37354",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-37354"
    },
    {
      "cve": "CVE-2024-38306",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-38306"
    },
    {
      "cve": "CVE-2024-38385",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-38385"
    },
    {
      "cve": "CVE-2024-38661",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-38661"
    },
    {
      "cve": "CVE-2024-39276",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39276"
    },
    {
      "cve": "CVE-2024-39293",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39293"
    },
    {
      "cve": "CVE-2024-39296",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39296"
    },
    {
      "cve": "CVE-2024-39298",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39298"
    },
    {
      "cve": "CVE-2024-39301",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39301"
    },
    {
      "cve": "CVE-2024-39362",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39362"
    },
    {
      "cve": "CVE-2024-39371",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39371"
    },
    {
      "cve": "CVE-2024-39461",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39461"
    },
    {
      "cve": "CVE-2024-39462",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39462"
    },
    {
      "cve": "CVE-2024-39463",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39463"
    },
    {
      "cve": "CVE-2024-39464",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39464"
    },
    {
      "cve": "CVE-2024-39465",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39465"
    },
    {
      "cve": "CVE-2024-39466",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39466"
    },
    {
      "cve": "CVE-2024-39467",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39467"
    },
    {
      "cve": "CVE-2024-39468",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39468"
    },
    {
      "cve": "CVE-2024-39469",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39469"
    },
    {
      "cve": "CVE-2024-39470",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39470"
    },
    {
      "cve": "CVE-2024-39471",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39471"
    }
  ]
}

wid-sec-w-2024-1451

Vulnerability from csaf_certbund

Published

2024-06-25 22:00

Modified

2025-08-27 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1451 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1451.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1451 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1451"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39468-11d2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39469-a1be@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39470-5b25@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062501-CVE-2024-39471-3dee@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062506-CVE-2021-4440-f8f1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062512-CVE-2024-39461-cdbc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39462-f5ec@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39463-42c8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39464-6214@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39465-f827@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39466-3da4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39467-b07d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062546-CVE-2022-48772-8cbe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37078-3aaa@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37354-ccfb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-38306-c570@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38385-4b3a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38661-44a9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39276-5205@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39296-3976@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39298-53e8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39301-6610@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39362-2d27@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39371-42fb@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5730 vom 2024-07-16",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00141.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2493-1 vom 2024-07-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018984.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5731 vom 2024-07-17",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00142.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2802-1 vom 2024-08-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5101 vom 2024-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:5101"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5102 vom 2024-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:5102"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-1 vom 2024-08-09",
        "url": "https://ubuntu.com/security/notices/USN-6951-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6953-1 vom 2024-08-09",
        "url": "https://ubuntu.com/security/notices/USN-6953-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-5101 vom 2024-08-09",
        "url": "https://linux.oracle.com/errata/ELSA-2024-5101.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12581 vom 2024-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12581.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12584 vom 2024-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12584.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12585 vom 2024-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12585.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2894-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019182.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2902-1 vom 2024-08-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019193.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-2 vom 2024-08-14",
        "url": "https://ubuntu.com/security/notices/USN-6951-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2901-1 vom 2024-08-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019194.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2929-1 vom 2024-08-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019209.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2939-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019211.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2947-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019220.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-3 vom 2024-08-19",
        "url": "https://ubuntu.com/security/notices/USN-6951-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2973-1 vom 2024-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019280.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:5101 vom 2024-08-21",
        "url": "https://errata.build.resf.org/RLSA-2024:5101"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-4 vom 2024-08-21",
        "url": "https://ubuntu.com/security/notices/USN-6951-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6979-1 vom 2024-08-22",
        "url": "https://ubuntu.com/security/notices/USN-6979-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3189-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019404.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12618 vom 2024-09-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12618.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12611 vom 2024-09-11",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12611.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6999-1 vom 2024-09-11",
        "url": "https://ubuntu.com/security/notices/USN-6999-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12610 vom 2024-09-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12610.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12612 vom 2024-09-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12612.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7003-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-2 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7003-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7006-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7006-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7005-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7005-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7004-1 vom 2024-09-12",
        "url": "https://ubuntu.com/security/notices/USN-7004-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-3 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7003-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7007-1 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7007-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7008-1 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7008-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7005-2 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7005-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7009-1 vom 2024-09-13",
        "url": "https://ubuntu.com/security/notices/USN-7009-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3251-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019435.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3252-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019436.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7007-2 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-7007-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6999-2 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-6999-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7007-3 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-7007-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7029-1 vom 2024-09-23",
        "url": "https://ubuntu.com/security/notices/USN-7029-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7001 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:7001"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7000 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:7000"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7009-2 vom 2024-09-25",
        "url": "https://ubuntu.com/security/notices/USN-7009-2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-7000 vom 2024-09-26",
        "url": "https://linux.oracle.com/errata/ELSA-2024-7000.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-4 vom 2024-09-26",
        "url": "https://ubuntu.com/security/notices/USN-7003-4"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:7001 vom 2024-09-30",
        "url": "https://errata.build.resf.org/RLSA-2024:7001"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7003-5 vom 2024-10-01",
        "url": "https://ubuntu.com/security/notices/USN-7003-5"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
        "url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12779 vom 2024-10-14",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12779.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:8318"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin",
        "url": "https://www.ibm.com/support/pages/node/7174634"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:9315 vom 2024-11-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:9315"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7166-1 vom 2024-12-17",
        "url": "https://ubuntu.com/security/notices/USN-7166-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12887 vom 2024-12-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12887.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7166-3 vom 2024-12-20",
        "url": "https://ubuntu.com/security/notices/USN-7166-3"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4008 vom 2025-01-03",
        "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7186-1 vom 2025-01-06",
        "url": "https://ubuntu.com/security/notices/USN-7186-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7184-1 vom 2025-01-06",
        "url": "https://ubuntu.com/security/notices/USN-7184-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7183-1 vom 2025-01-06",
        "url": "https://ubuntu.com/security/notices/USN-7183-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7186-2 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7186-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7185-2 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7185-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7194-1 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7194-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-9315 vom 2025-01-13",
        "url": "https://oss.oracle.com/pipermail/el-errata/2025-January/017000.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7233-2 vom 2025-01-30",
        "url": "https://ubuntu.com/security/notices/USN-7233-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7233-3 vom 2025-02-03",
        "url": "https://ubuntu.com/security/notices/USN-7233-3"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2270 vom 2025-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:2270"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1912 vom 2025-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:1912"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7342-1 vom 2025-03-11",
        "url": "https://ubuntu.com/security/notices/USN-7342-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7344-1 vom 2025-03-11",
        "url": "https://ubuntu.com/security/notices/USN-7344-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7344-2 vom 2025-03-13",
        "url": "https://ubuntu.com/security/notices/USN-7344-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20008-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021403.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20028-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021386.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10701 vom 2025-07-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:10701"
      },
      {
        "category": "external",
        "summary": "Security Update for Dell PowerProtect Data Domain",
        "url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02997-1 vom 2025-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022283.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-27T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-28T06:01:20.214+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-1451",
      "initial_release_date": "2024-06-25T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-22T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-07T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-08-08T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-11T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-14T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-15T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-18T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-19T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-21T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation und Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-22T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-11T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-12T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-15T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-16T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-22T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
        },
        {
          "date": "2024-09-24T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-09-25T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-09-30T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-10-01T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-10-14T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-10-23T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-31T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-17T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-22T23:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-02T23:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-01-06T23:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-01-30T23:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-02-03T23:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-03-04T23:00:00.000+00:00",
          "number": "45",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "46",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-03-12T23:00:00.000+00:00",
          "number": "47",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "48",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-07-09T22:00:00.000+00:00",
          "number": "49",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "50",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-08-27T22:00:00.000+00:00",
          "number": "51",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "51"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain",
            "product": {
              "name": "Dell PowerProtect Data Domain",
              "product_id": "T045852",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:powerprotect_data_domain:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain Management Center",
            "product": {
              "name": "Dell PowerProtect Data Domain Management Center",
              "product_id": "T045853",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:powerprotect_data_domain_management_center:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain OS",
            "product": {
              "name": "Dell PowerProtect Data Domain OS",
              "product_id": "T045854",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:powerprotect_data_domain_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP10 IF01",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
                  "product_id": "T038741"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP10 IF01",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
                  "product_id": "T038741-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T035642",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-4440",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2021-4440"
    },
    {
      "cve": "CVE-2022-48772",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2022-48772"
    },
    {
      "cve": "CVE-2024-37078",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-37078"
    },
    {
      "cve": "CVE-2024-37354",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-37354"
    },
    {
      "cve": "CVE-2024-38306",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-38306"
    },
    {
      "cve": "CVE-2024-38385",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-38385"
    },
    {
      "cve": "CVE-2024-38661",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-38661"
    },
    {
      "cve": "CVE-2024-39276",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39276"
    },
    {
      "cve": "CVE-2024-39293",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39293"
    },
    {
      "cve": "CVE-2024-39296",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39296"
    },
    {
      "cve": "CVE-2024-39298",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39298"
    },
    {
      "cve": "CVE-2024-39301",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39301"
    },
    {
      "cve": "CVE-2024-39362",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39362"
    },
    {
      "cve": "CVE-2024-39371",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39371"
    },
    {
      "cve": "CVE-2024-39461",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39461"
    },
    {
      "cve": "CVE-2024-39462",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39462"
    },
    {
      "cve": "CVE-2024-39463",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39463"
    },
    {
      "cve": "CVE-2024-39464",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39464"
    },
    {
      "cve": "CVE-2024-39465",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39465"
    },
    {
      "cve": "CVE-2024-39466",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39466"
    },
    {
      "cve": "CVE-2024-39467",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39467"
    },
    {
      "cve": "CVE-2024-39468",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39468"
    },
    {
      "cve": "CVE-2024-39469",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39469"
    },
    {
      "cve": "CVE-2024-39470",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39470"
    },
    {
      "cve": "CVE-2024-39471",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255",
          "T035642",
          "T038741"
        ]
      },
      "release_date": "2024-06-25T22:00:00.000+00:00",
      "title": "CVE-2024-39471"
    }
  ]
}

ghsa-6jf6-455v-8c5m

Vulnerability from github

Published

2024-06-25 15:31

Modified

2024-09-03 18:31

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

clk: bcm: rpi: Assign ->num before accessing ->hws

Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer about the number of elements in hws, so that it can warn when hws is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero. This occurs in raspberrypi_discover_clocks() due to ->num being assigned after ->hws has been accessed:

UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4 index 3 is out of range for type 'struct clk_hw [] __counted_by(num)' (aka 'struct clk_hw []')

Move the ->num initialization to before the first access of ->hws, which clears up the warning.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-39461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-129"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-25T15:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to -\u003enum being assigned after -\u003ehws\nhas been accessed:\n\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n  index 3 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning.",
  "id": "GHSA-6jf6-455v-8c5m",
  "modified": "2024-09-03T18:31:31Z",
  "published": "2024-06-25T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39461"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2024-39461

Vulnerability from fkie_nvd

Published

2024-06-25 15:15

Modified

2024-11-21 09:27

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920	Patch

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0C6E24-8240-425A-BD1A-F78E6D3A67FC",
              "versionEndExcluding": "6.6.34",
              "versionStartIncluding": "6.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5",
              "versionEndExcluding": "6.9.5",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to -\u003enum being assigned after -\u003ehws\nhas been accessed:\n\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n  index 3 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: bcm: rpi: Assign -\u0026gt;num before accessing -\u0026gt;hws Commit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with __counted_by\") anot\u00f3 el miembro hws de \u0027struct clk_hw_onecell_data\u0027 con __counted_by, que informa al sanitizante de los l\u00edmites sobre la cantidad de elementos en hws, para que pueda advertir cuando se accede a hws fuera de los l\u00edmites. Como se se\u00f1al\u00f3 en ese cambio, el miembro __counted_by debe inicializarse con la cantidad de elementos antes de que ocurra el primer acceso a la matriz; de lo contrario, habr\u00e1 una advertencia de cada acceso antes de la inicializaci\u00f3n porque la cantidad de elementos es cero. Esto ocurre en raspberrypi_discover_clocks() debido a que -\u0026gt;num se asigna despu\u00e9s de que se haya accedido a -\u0026gt;hws: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4 index 3 est\u00e1 fuera del rango para el tipo \u0027struct clk_hw *[] __counted_by(num)\u0027 (tambi\u00e9n conocido como \u0027struct clk_hw *[]\u0027) Mueva la inicializaci\u00f3n -\u0026gt;num antes del primer acceso de -\u0026gt;hws, lo que borra la advertencia."
    }
  ],
  "id": "CVE-2024-39461",
  "lastModified": "2024-11-21T09:27:42.720",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-25T15:15:14.500",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-39461 (GCVE-0-2024-39461)

Vulnerability from cvelistv5

WID-SEC-W-2024-1451

Vulnerability from csaf_certbund

wid-sec-w-2024-1451

Vulnerability from csaf_certbund

ghsa-6jf6-455v-8c5m

Vulnerability from github

fkie_cve-2024-39461

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature