diff --git a/2022/48xxx/CVE-2022-48627.json b/2022/48xxx/CVE-2022-48627.json
index 9de07b86c31..c0e017e2df6 100644
--- a/2022/48xxx/CVE-2022-48627.json
+++ b/2022/48xxx/CVE-2022-48627.json
@@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-48627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix memory overlapping when deleting chars in the buffer\n\nA memory overlapping copy occurs when deleting a long line. This memory\noverlapping copy can cause data corruption when scr_memcpyw is optimized\nto memcpy because memcpy does not ensure its behavior if the destination\nbuffer overlaps with the source buffer. The line buffer is not always\nbroken, because the memcpy utilizes the hardware acceleration, whose\nresult is not deterministic.\n\nFix this problem by using replacing the scr_memcpyw with scr_memmovew." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "81732c3b2fed", + "version_value": "bfee93c9a6c3" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.132", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.56", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.18.13", + "lessThanOrEqual": "5.18.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.19", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926" + }, + { + "url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244" + }, + { + "url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265" + }, + { + "url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52567.json b/2023/52xxx/CVE-2023-52567.json index 10b764c5ccd..7c73b946427 100644 --- a/2023/52xxx/CVE-2023-52567.json +++ b/2023/52xxx/CVE-2023-52567.json 
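Review bot: `problemtype` is left as `"value": "n/a"` in this record and in every other record in this diff, even where the description names the weakness class outright: a use-after-free in CVE-2023-52572 and a NULL pointer dereference in CVE-2023-52567, CVE-2023-52568, CVE-2023-52570 and CVE-2023-52573. Anyone triaging or filtering by CWE will not match these entries, so a CWE string in that field, for example `"value": "CWE-416"` for the use-after-free and `"value": "CWE-476"` for the NULL dereferences, would make them findable. For this record the description is about an overlapping copy that corrupts the line buffer, which does not map as directly, so the choice there is the assigner's.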
@@ -1,18 +1,188 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_port: Check IRQ data before use\n\nIn case the leaf driver wants to use IRQ polling (irq = 0) and\nIIR register shows that an interrupt happened in the 8250 hardware\nthe IRQ data can be NULL. In such a case we need to skip the wake\nevent as we came to this path from the timer interrupt and quite\nlikely system is already awake.\n\nWithout this fix we have got an Oops:\n\n serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A\n ...\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n RIP: 0010:serial8250_handle_irq+0x7c/0x240\n Call Trace:\n ? serial8250_handle_irq+0x7c/0x240\n ? 
__pfx_serial8250_timeout+0x10/0x10" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "edfe57aedff4", + "version_value": "ee5732caaffb" + }, + { + "version_affected": "<", + "version_name": "0bd49a043c79", + "version_value": "c334650150c2" + }, + { + "version_affected": "<", + "version_name": "572d48361aa0", + "version_value": "bf3c728e3692" + }, + { + "version_affected": "<", + "version_name": "d5d628fea5f6", + "version_value": "e14afa4450cb" + }, + { + "version_affected": "<", + "version_name": "424cf2929635", + "version_value": "2b837f13a818" + }, + { + "version_affected": "<", + "version_name": "727e92fe13e8", + "version_value": "e14f68a48fd4" + }, + { + "version_affected": "<", + "version_name": "0ba9e3a13c6a", + "version_value": "3345cc5f02f1" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.14.327", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.296", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.258", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.198", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.134", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": 
"6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847" + }, + { + "url": "https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a" + }, + { + "url": "https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742" + }, + { + "url": "https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014" + }, + { + "url": "https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2" + }, + { + "url": "https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7" + }, + { + "url": "https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933" + }, + { + "url": "https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file 
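Review bot: The `x_cve_json_5_version_data` block has no `"status": "affected"` entry and relies on `"defaultStatus": "affected"`, so read by version number alone every release before 4.14.327 is marked affected, while the legacy `version_data` lists seven introducing/fixing commit pairs, each with a different `version_name`. Seven distinct introducing commits suggest the defect reached each stable series through a backport, in which case the earlier releases of each series are not affected and version-based scanners will over-report. An explicit lower bound per series in `versions`, in the form already used in CVE-2022-48627 in this diff (`"version": "3.7", "status": "affected"`), would remove the ambiguity. The eighth reference (`cce7fc8b2996…`) also has no matching pair in the legacy list. CVE-2023-52571 has the same shape, with two pairs, three references and no affected lower bound.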
diff --git a/2023/52xxx/CVE-2023-52568.json b/2023/52xxx/CVE-2023-52568.json
index de743694f76..0174da14af1 100644
--- a/2023/52xxx/CVE-2023-52568.json
+++ b/2023/52xxx/CVE-2023-52568.json
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Resolves SECS reclaim vs. page fault for EAUG race\n\nThe SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an\nenclave and set secs.epc_page to NULL. The SECS page is used for EAUG\nand ELDU in the SGX page fault handler. However, the NULL check for\nsecs.epc_page is only done for ELDU, not EAUG before being used.\n\nFix this by doing the same NULL check and reloading of the SECS page as\nneeded for both EAUG and ELDU.\n\nThe SECS page holds global enclave metadata. It can only be reclaimed\nwhen there are no other enclave pages remaining. At that point,\nvirtually nothing can be done with the enclave until the SECS page is\npaged back in.\n\nAn enclave can not run nor generate page faults without a resident SECS\npage. But it is still possible for a #PF for a non-SECS page to race\nwith paging out the SECS page: when the last resident non-SECS page A\ntriggers a #PF in a non-resident page B, and then page A and the SECS\nboth are paged out before the #PF on B is handled.\n\nHitting this bug requires that race triggered with a #PF for EAUG.\nFollowing is a trace when it happens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: 0010:sgx_encl_eaug_page+0xc7/0x210\nCall Trace:\n ? __kmem_cache_alloc_node+0x16a/0x440\n ? 
xa_load+0x6e/0xa0\n sgx_vma_fault+0x119/0x230\n __do_fault+0x36/0x140\n do_fault+0x12f/0x400\n __handle_mm_fault+0x728/0x1110\n handle_mm_fault+0x105/0x310\n do_user_addr_fault+0x1ee/0x750\n ? __this_cpu_preempt_check+0x13/0x20\n exc_page_fault+0x76/0x180\n asm_exc_page_fault+0x27/0x30" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5a90d2c3f5ef", + "version_value": "811ba2ef0cb6" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.0", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.0", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/811ba2ef0cb6402672e64ba1419d6ef95aa3405d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/811ba2ef0cb6402672e64ba1419d6ef95aa3405d" + }, + { + "url": "https://git.kernel.org/stable/c/1348f7f15d7c7798456856bee74a4235c2da994e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1348f7f15d7c7798456856bee74a4235c2da994e" + }, + { + "url": "https://git.kernel.org/stable/c/c6c2adcba50c2622ed25ba5d5e7f05f584711358", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/c6c2adcba50c2622ed25ba5d5e7f05f584711358" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52569.json b/2023/52xxx/CVE-2023-52569.json index 2e1e8dbb741..a0d00f137b3 100644 --- a/2023/52xxx/CVE-2023-52569.json +++ b/2023/52xxx/CVE-2023-52569.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG() after failure to insert delayed dir index item\n\nInstead of calling BUG() when we fail to insert a delayed dir index item\ninto the delayed node's tree, we can just release all the resources we\nhave allocated/acquired before and return the error to the caller. This is\nfine because all existing call chains undo anything they have done before\ncalling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending\nsnapshots in the transaction commit path).\n\nSo remove the BUG() call and do proper error handling.\n\nThis relates to a syzbot report linked below, but does not fix it because\nit only prevents hitting a BUG(), it does not fix the issue where somehow\nwe attempt to use twice the same index number for different index items." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "39c4a9522db0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/39c4a9522db0072570d602e9b365119e17fb9f4f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/39c4a9522db0072570d602e9b365119e17fb9f4f" + }, + { + "url": "https://git.kernel.org/stable/c/d10fd53393cc5de4b9cf1a4b8f9984f0a037aa51", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d10fd53393cc5de4b9cf1a4b8f9984f0a037aa51" + }, + { + "url": "https://git.kernel.org/stable/c/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52570.json b/2023/52xxx/CVE-2023-52570.json index db9482a117a..b2ddf0c3451 100644 --- a/2023/52xxx/CVE-2023-52570.json +++ b/2023/52xxx/CVE-2023-52570.json 
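Review bot: The affected range opens at `"version_name": "1da177e4c3f4"`, which as far as I know is the first commit in the kernel's git history, and `versions` has no affected lower bound, so the record marks every kernel before 6.1.56 as affected, presumably including releases that predate the code in question. The description also says the change "does not fix" the syzbot-reported issue and only avoids the BUG() call, but that sits in the last paragraph, and a reader skimming the title will assume the listed fixed versions are free of the underlying duplicate-index problem. I would state it up front in the description, for instance `Note: the fix only replaces BUG() with error handling; the duplicate index number issue remains.`, and add the release that introduced the BUG() call as a lower bound if it is known.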
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()\n\nInject fault while probing mdpy.ko, if kstrdup() of create_dir() fails in\nkobject_add_internal() in kobject_init_and_add() in mdev_type_add()\nin parent_create_sysfs_files(), it will return 0 and probe successfully.\nAnd when rmmod mdpy.ko, the mdpy_dev_exit() will call\nmdev_unregister_parent(), the mdev_type_remove() may traverse uninitialized\nparent->types[i] in parent_remove_sysfs_files(), and it will cause\nbelow null-ptr-deref.\n\nIf mdev_type_add() fails, return the error code and kset_unregister()\nto fix the issue.\n\n general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 2 PID: 10215 Comm: rmmod Tainted: G W N 6.6.0-rc2+ #20\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:__kobject_del+0x62/0x1c0\n Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 75 10 48 89 df 48 8d 6b 3c e8\n RSP: 0018:ffff88810695fd30 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffffa0270268 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000010\n 
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10233a4ef1\n R10: ffff888119d2778b R11: 0000000063666572 R12: 0000000000000000\n R13: fffffbfff404e2d4 R14: dffffc0000000000 R15: ffffffffa0271660\n FS: 00007fbc81981540(0000) GS:ffff888119d00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fc14a142dc0 CR3: 0000000110a62003 CR4: 0000000000770ee0\n DR0: ffffffff8fb0bce8 DR1: ffffffff8fb0bce9 DR2: ffffffff8fb0bcea\n DR3: ffffffff8fb0bceb DR6: 00000000fffe0ff0 DR7: 0000000000000600\n PKRU: 55555554\n Call Trace:\n \n ? die_addr+0x3d/0xa0\n ? exc_general_protection+0x144/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? __kobject_del+0x62/0x1c0\n kobject_del+0x32/0x50\n parent_remove_sysfs_files+0xd6/0x170 [mdev]\n mdev_unregister_parent+0xfb/0x190 [mdev]\n ? mdev_register_parent+0x270/0x270 [mdev]\n ? find_module_all+0x9d/0xe0\n mdpy_dev_exit+0x17/0x63 [mdpy]\n __do_sys_delete_module.constprop.0+0x2fa/0x4b0\n ? module_flags+0x300/0x300\n ? 
__fput+0x4e7/0xa00\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7fbc813221b7\n Code: 73 01 c3 48 8b 0d d1 8c 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 8c 2c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffe780e0648 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n RAX: ffffffffffffffda RBX: 00007ffe780e06a8 RCX: 00007fbc813221b7\n RDX: 000000000000000a RSI: 0000000000000800 RDI: 000055e214df9b58\n RBP: 000055e214df9af0 R08: 00007ffe780df5c1 R09: 0000000000000000\n R10: 00007fbc8139ecc0 R11: 0000000000000206 R12: 00007ffe780e0870\n R13: 00007ffe780e0ed0 R14: 000055e214df9260 R15: 000055e214df9af0\n \n Modules linked in: mdpy(-) mdev vfio_iommu_type1 vfio [last unloaded: mdpy]\n Dumping ftrace buffer:\n (ftrace buffer empty)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:__kobject_del+0x62/0x1c0\n Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 75 10 48 89 df 48 8d 6b 3c e8\n RSP: 0018:ffff88810695fd30 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffffa0270268 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000010\n RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10233a4ef1\n R10: ffff888119d2778b R11: 0000000063666572 R12: 0000000000000000\n R13: fffffbfff404e2d4 R14: dffffc0000000000 R15: ffffffffa0271660\n FS: 00007fbc81981540(0000) GS:ffff888119d00000(000\n---truncated---" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "da44c340c4fe", + "version_value": 
"c01b2e0ee22e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.1", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/c01b2e0ee22ef8b4dd7509a93aecc0ac0826bae4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c01b2e0ee22ef8b4dd7509a93aecc0ac0826bae4" + }, + { + "url": "https://git.kernel.org/stable/c/52093779b1830ac184a23848d971f06404cf513e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/52093779b1830ac184a23848d971f06404cf513e" + }, + { + "url": "https://git.kernel.org/stable/c/c777b11d34e0f47dbbc4b018ef65ad030f2b283a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c777b11d34e0f47dbbc4b018ef65ad030f2b283a" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52571.json b/2023/52xxx/CVE-2023-52571.json index 662a334e4cc..7bbaa12f648 100644 --- a/2023/52xxx/CVE-2023-52571.json +++ b/2023/52xxx/CVE-2023-52571.json 
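Review bot: The description value carries the oops nearly twice over (registers, `Code:` bytes, module list) and is then cut off at `---truncated---` in the middle of a register line, so most of the field is raw dump and the text ends mid-line. The explanation and the remedy are in the first two paragraphs; keeping those plus the `Call Trace:` frames through `mdpy_dev_exit+0x17/0x63 [mdpy]` would fit the field without truncation and still keep the part defenders match against their own logs. The `Call Trace:\n \n` sequence also looks like a stripped `<TASK>` marker, here and in CVE-2023-52572.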
@@ -1,18 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: rk817: Fix node refcount leak\n\nDan Carpenter reports that the Smatch static checker warning has found\nthat there is another refcount leak in the probe function. While\nof_node_put() was added in one of the return paths, it should in\nfact be added for ALL return paths that return an error and at driver\nremoval time." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7d1e3961725e", + "version_value": "fe6406238d5a" + }, + { + "version_affected": "<", + "version_name": "54c03bfd094f", + "version_value": "70326b46b6a0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } 
+ } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d" + }, + { + "url": "https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577" + }, + { + "url": "https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52572.json b/2023/52xxx/CVE-2023-52572.json index 9663ee06784..66d2b3166f7 100644 --- a/2023/52xxx/CVE-2023-52572.json +++ b/2023/52xxx/CVE-2023-52572.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix UAF in cifs_demultiplex_thread()\n\nThere is a UAF when xfstests on cifs:\n\n BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160\n Read of size 4 at addr ffff88810103fc08 by task cifsd/923\n\n CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45\n ...\n Call Trace:\n \n dump_stack_lvl+0x34/0x44\n print_report+0x171/0x472\n kasan_report+0xad/0x130\n kasan_check_range+0x145/0x1a0\n smb2_is_network_name_deleted+0x27/0x160\n cifs_demultiplex_thread.cold+0x172/0x5a4\n kthread+0x165/0x1a0\n ret_from_fork+0x1f/0x30\n \n\n Allocated by task 923:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_slab_alloc+0x54/0x60\n kmem_cache_alloc+0x147/0x320\n mempool_alloc+0xe1/0x260\n cifs_small_buf_get+0x24/0x60\n allocate_buffers+0xa1/0x1c0\n cifs_demultiplex_thread+0x199/0x10d0\n kthread+0x165/0x1a0\n ret_from_fork+0x1f/0x30\n\n Freed by task 921:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x40\n ____kasan_slab_free+0x143/0x1b0\n kmem_cache_free+0xe3/0x4d0\n cifs_small_buf_release+0x29/0x90\n SMB2_negotiate+0x8b7/0x1c60\n smb2_negotiate+0x51/0x70\n cifs_negotiate_protocol+0xf0/0x160\n cifs_get_smb_ses+0x5fa/0x13c0\n mount_get_conns+0x7a/0x750\n cifs_mount+0x103/0xd00\n cifs_smb3_do_mount+0x1dd/0xcb0\n smb3_get_tree+0x1d5/0x300\n vfs_get_tree+0x41/0xf0\n 
path_mount+0x9b3/0xdd0\n __x64_sys_mount+0x190/0x1d0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe UAF is because:\n\n mount(pid: 921) | cifsd(pid: 923)\n-------------------------------|-------------------------------\n | cifs_demultiplex_thread\nSMB2_negotiate |\n cifs_send_recv |\n compound_send_recv |\n smb_send_rqst |\n wait_for_response |\n wait_event_state [1] |\n | standard_receive3\n | cifs_handle_standard\n | handle_mid\n | mid->resp_buf = buf; [2]\n | dequeue_mid [3]\n KILL the process [4] |\n resp_iov[i].iov_base = buf |\n free_rsp_buf [5] |\n | is_network_name_deleted [6]\n | callback\n\n1. After send request to server, wait the response until\n mid->mid_state != SUBMITTED;\n2. Receive response from server, and set it to mid;\n3. Set the mid state to RECEIVED;\n4. Kill the process, the mid state already RECEIVED, get 0;\n5. Handle and release the negotiate response;\n6. UAF.\n\nIt can be easily reproduce with add some delay in [3] - [6].\n\nOnly sync call has the problem since async call's callback is\nexecuted in cifsd process.\n\nAdd an extra state to mark the mid state to READY before wakeup the\nwaitter, then it can get the resp safely." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "ec637e3ffb6b", + "version_value": "908b3b5e97d2" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.16", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.16", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3" + }, + { + "url": "https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a" + }, + { + "url": "https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52573.json b/2023/52xxx/CVE-2023-52573.json index e2150513083..adcde771ee6 100644 --- a/2023/52xxx/CVE-2023-52573.json 
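Review bot: `versions` marks the issue as affected from 2.6.16 and names fixed releases only for 6.1.56, 6.5.6 and 6.6, so with `"defaultStatus": "affected"` every release between 2.6.16 and the 6.1 series stays affected with no fixed release listed. If the fix was not backported to the older stable series, the record should say so, otherwise readers on those series will look for a patched point release that the record does not name. A sentence in the description such as `No fix is listed for stable series older than 6.1.` would be enough.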
+++ b/2023/52xxx/CVE-2023-52573.json 
@@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: Fix possible NULL-pointer dereference\n\nIn rds_rdma_cm_event_handler_cmn() check, if conn pointer exists\nbefore dereferencing it as rdma_set_service_type() argument\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "fd261ce6a30e", + "version_value": "812da2a08dc5" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.1", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.258", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.198", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.134", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + 
"versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/812da2a08dc5cc75fb71e29083ea20904510ac7a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/812da2a08dc5cc75fb71e29083ea20904510ac7a" + }, + { + "url": "https://git.kernel.org/stable/c/f515112e833791001aaa8ab886af3ca78503617f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f515112e833791001aaa8ab886af3ca78503617f" + }, + { + "url": "https://git.kernel.org/stable/c/ea82139e6e3561100d38d14401d57c0ea93fc07e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ea82139e6e3561100d38d14401d57c0ea93fc07e" + }, + { + "url": "https://git.kernel.org/stable/c/51fa66024a5eabf270164f2dc82a48ffb35a12e9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/51fa66024a5eabf270164f2dc82a48ffb35a12e9" + }, + { + "url": "https://git.kernel.org/stable/c/069ac51c37a6f07a51f7134d8c34289075786a35", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/069ac51c37a6f07a51f7134d8c34289075786a35" + }, + { + "url": "https://git.kernel.org/stable/c/f1d95df0f31048f1c59092648997686e3f7d9478", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f1d95df0f31048f1c59092648997686e3f7d9478" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52574.json b/2023/52xxx/CVE-2023-52574.json index 100c4c5ebfd..8ad5119f3fe 100644 --- a/2023/52xxx/CVE-2023-52574.json +++ b/2023/52xxx/CVE-2023-52574.json 
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix null-ptr-deref when team device type is changed\n\nGet a null-ptr-deref bug as follows with reproducer [1].\n\nBUG: kernel NULL pointer dereference, address: 0000000000000228\n...\nRIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]\n...\nCall Trace:\n \n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x150\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? vlan_dev_hard_header+0x35/0x140 [8021q]\n ? vlan_dev_hard_header+0x8e/0x140 [8021q]\n neigh_connected_output+0xb2/0x100\n ip6_finish_output2+0x1cb/0x520\n ? nf_hook_slow+0x43/0xc0\n ? ip6_mtu+0x46/0x80\n ip6_finish_output+0x2a/0xb0\n mld_sendpack+0x18f/0x250\n mld_ifc_work+0x39/0x160\n process_one_work+0x1e6/0x3f0\n worker_thread+0x4d/0x2f0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe5/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n\n[1]\n$ teamd -t team0 -d -c '{\"runner\": {\"name\": \"loadbalance\"}}'\n$ ip link add name t-dummy type dummy\n$ ip link add link t-dummy name t-dummy.100 type vlan id 100\n$ ip link add name t-nlmon type nlmon\n$ ip link set t-nlmon master team0\n$ ip link set t-nlmon nomaster\n$ ip link set t-dummy up\n$ ip link set team0 up\n$ ip link set t-dummy.100 down\n$ ip link set t-dummy.100 master team0\n\nWhen enslave a vlan device to team device and team device type is changed\nfrom non-ether to ether, header_ops of team device is changed to\nvlan_header_ops. That is incorrect and will trigger null-ptr-deref\nfor vlan->real_dev in vlan_dev_hard_header() because team device is not\na vlan device.\n\nCache eth_header_ops in team_setup(), then assign cached header_ops to\nheader_ops of team net device when its type is changed from non-ether\nto ether to fix the bug." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1d76efe1577b", + "version_value": "1779eb51b9cc" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.14.327", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.296", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.258", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.198", + "lessThanOrEqual": 
"5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.134", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457" + }, + { + "url": "https://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7" + }, + { + "url": "https://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d" + }, + { + "url": "https://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7" + }, + { + "url": "https://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255" + }, + { + "url": "https://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58" + }, + { + "url": "https://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d" + }, + { + "url": "https://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52575.json b/2023/52xxx/CVE-2023-52575.json index b8ea8b333c8..f931b1ece80 100644 --- a/2023/52xxx/CVE-2023-52575.json +++ b/2023/52xxx/CVE-2023-52575.json 
@@ -1,18 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/srso: Fix SBPB enablement for spec_rstack_overflow=off\n\nIf the user has requested no SRSO mitigation, other mitigations can use\nthe lighter-weight SBPB instead of IBPB." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8457fb5740b1", + "version_value": "ae806c74c063" + }, + { + "version_affected": "<", + "version_name": "153f9a7b02d4", + "version_value": "13ea4b92e875" + }, + { + "version_affected": "<", + "version_name": "4f25355540ad", + "version_value": "adbcec23c842" + }, + { + "version_affected": "<", + "version_name": "fb3bd914b3ec", + "version_value": "e3cb8b2c391b" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.10.198", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.134", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + 
"version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ae806c74c0634b0c23855066d8ba28d850fd1260", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ae806c74c0634b0c23855066d8ba28d850fd1260" + }, + { + "url": "https://git.kernel.org/stable/c/13ea4b92e8759d2f6c330a73cde31ad9c313021b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/13ea4b92e8759d2f6c330a73cde31ad9c313021b" + }, + { + "url": "https://git.kernel.org/stable/c/adbcec23c8423e3d5df1839c5ae91599dcf703cb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/adbcec23c8423e3d5df1839c5ae91599dcf703cb" + }, + { + "url": "https://git.kernel.org/stable/c/e3cb8b2c391b1f287eb76df4ba37880f4ea56d8a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e3cb8b2c391b1f287eb76df4ba37880f4ea56d8a" + }, + { + "url": "https://git.kernel.org/stable/c/01b057b2f4cc2d905a0bd92195657dbd9a7005ab", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/01b057b2f4cc2d905a0bd92195657dbd9a7005ab" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52576.json b/2023/52xxx/CVE-2023-52576.json index 30209818e3d..f79c415d42f 100644 --- a/2023/52xxx/CVE-2023-52576.json +++ b/2023/52xxx/CVE-2023-52576.json 
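Review bot: In the CVE-2023-52575 record, the `x_cve_json_5_version_data.versions` list holds only `unaffected` entries under `"defaultStatus": "affected"`, with no entry marking where the problem was introduced. The neighbouring kernel records in this diff carry both a `"status": "affected"` start version and a `"version": "0", "lessThan": …` lower bound. A consumer that matches on release numbers will therefore read every kernel outside the listed fixed ranges as affected, older series included, because the introducing commits appear only as the four `version_name` hashes. If the first affected release is known, add a lower-bound entry in the sibling records' style, e.g. `{ "version": "0", "lessThan": "<first affected release - placeholder>", "status": "unaffected", "versionType": "custom" }`. Otherwise, tooling should resolve the range from the git hashes rather than the release list.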
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()\n\nThe code calling ima_free_kexec_buffer() runs long after the memblock\nallocator has already been torn down, potentially resulting in a use\nafter free in memblock_isolate_range().\n\nWith KASAN or KFENCE, this use after free will result in a BUG\nfrom the idle task, and a subsequent kernel panic.\n\nSwitch ima_free_kexec_buffer() over to memblock_free_late() to avoid\nthat bug." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "fee3ff99bc67", + "version_value": "eef16bfdb212" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.13", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.56", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.6", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/eef16bfdb212da60f5144689f2967fb25b051a2b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/eef16bfdb212da60f5144689f2967fb25b051a2b" + }, + { + "url": "https://git.kernel.org/stable/c/d2dfbc0e3b7a04c2d941421a958dc31c897fb204", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d2dfbc0e3b7a04c2d941421a958dc31c897fb204" + }, + { + "url": "https://git.kernel.org/stable/c/34cf99c250d5cd2530b93a57b0de31d3aaf8685b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/34cf99c250d5cd2530b93a57b0de31d3aaf8685b" + } + ] + }, + "generator": { + "engine": "bippy-4986f5686161" } } \ No newline at end of file diff --git a/2024/0xxx/CVE-2024-0795.json b/2024/0xxx/CVE-2024-0795.json index 07f18efd4ca..f9a9f900189 100644 --- a/2024/0xxx/CVE-2024-0795.json 
+++ b/2024/0xxx/CVE-2024-0795.json 
@@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@huntr.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mintplex-labs", + "product": { + "product_data": [ + { + "product_name": "mintplex-labs/anything-llm", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", + "refsource": "MISC", + "name": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec" + }, + { + "url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", + "refsource": "MISC", + "name": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564" + } + ] + }, + "source": { + "advisory": "f69e3307-7b44-4776-ac60-2990990723ec", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": 
"3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] }
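Review bot: The new `description` value for CVE-2024-0795 writes `attacked` twice where `attacker` is evidently meant, and the sentence has no closing full stop. It also says there is no backend `authentication`, yet the record is classified as `CWE-284 Improper Access Control` and describes an admin or manager account creating a new `admin` user. That reads as a missing server-side authorization check on role assignment, so `authorization` is presumably the intended word; confirm with the CNA before changing it. The single `version_data` entry has `"version_name": "unspecified"` with `<` `1.0.0`, so consumers have to treat every release before 1.0.0 as affected.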