github - ghsa-f53r-mw9w-8p2c

ghsa-f53r-mw9w-8p2c

Vulnerability from github

Published

2024-09-27 15:30

Modified

2024-10-02 15:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

net: microchip: vcap: Fix use-after-free error in kunit test

This is a clear use-after-free error. We remove it, and rely on checking the return code of vcap_del_rule.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-46831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-27T13:15:15Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.",
  "id": "GHSA-f53r-mw9w-8p2c",
  "modified": "2024-10-02T15:30:37Z",
  "published": "2024-09-27T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46831"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-46831 (GCVE-0-2024-46831)

Vulnerability from cvelistv5

Published

2024-09-27 12:39

Modified

2025-05-04 09:35

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. We remove it, and rely on checking the return code of vcap_del_rule.

References

URL

Tags

	https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b
	https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7
	https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657

Impacted products

Vendor

Product

Version

Version: c956b9b318d9036701c471dd458f9ed31defc629
Version: c956b9b318d9036701c471dd458f9ed31defc629
Version: c956b9b318d9036701c471dd458f9ed31defc629

Version: 6.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46831",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:03:46.116815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:11:44.754Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b",
              "status": "affected",
              "version": "c956b9b318d9036701c471dd458f9ed31defc629",
              "versionType": "git"
            },
            {
              "lessThan": "f7fe95f40c85311c98913fe6ae2c56adb7f767a7",
              "status": "affected",
              "version": "c956b9b318d9036701c471dd458f9ed31defc629",
              "versionType": "git"
            },
            {
              "lessThan": "a3c1e45156ad39f225cd7ddae0f81230a3b1e657",
              "status": "affected",
              "version": "c956b9b318d9036701c471dd458f9ed31defc629",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:35:28.677Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657"
        }
      ],
      "title": "net: microchip: vcap: Fix use-after-free error in kunit test",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46831",
    "datePublished": "2024-09-27T12:39:29.078Z",
    "dateReserved": "2024-09-11T15:12:18.286Z",
    "dateUpdated": "2025-05-04T09:35:28.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.