admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-02 14:01:26 +00:00
parent 927e2271b0
commit 2284993dae
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
2 changed files with 143 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
2023/52xxx/CVE-2023-52605.json
View File

@ -5,14 +5,154 @@
"CVE_data_meta": {
"ID": "CVE-2023-52605",
"ASSIGNER": "cve@kernel.org",
"STATE": "REJECT"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: extlog: fix NULL pointer dereference check\n\nThe gcc plugin -fanalyzer [1] tries to detect various\npatterns of incorrect behaviour. The tool reports:\n\ndrivers/acpi/acpi_extlog.c: In function \u2018extlog_exit\u2019:\ndrivers/acpi/acpi_extlog.c:307:12: warning: check of \u2018extlog_l1_addr\u2019 for NULL after already dereferencing it [-Wanalyzer-deref-before-check]\n |\n | 306 | ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;\n | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~\n | | |\n | | (1) pointer \u2018extlog_l1_addr\u2019 is dereferenced here\n | 307 | if (extlog_l1_addr)\n | | ~\n | | |\n | | (2) pointer \u2018extlog_l1_addr\u2019 is checked for NULL here but it was already dereferenced at (1)\n |\n\nFix the NULL pointer dereference check in extlog_exit()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "b7b33627be06"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.307",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.269",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.210",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.77",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.16",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.4",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b7b33627be0626b16ca321b982d6a2261ef7f703",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b7b33627be0626b16ca321b982d6a2261ef7f703"
},
{
"url": "https://git.kernel.org/stable/c/d2049af7ddbc361702c3e1f09bd6c5e9488454ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2049af7ddbc361702c3e1f09bd6c5e9488454ca"
},
{
"url": "https://git.kernel.org/stable/c/b17a71435e7e153e949df018244a98b4ede04069",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b17a71435e7e153e949df018244a98b4ede04069"
},
{
"url": "https://git.kernel.org/stable/c/5457b0cbaa0238fc56b855c4ef2c0b9cc9c559ab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5457b0cbaa0238fc56b855c4ef2c0b9cc9c559ab"
},
{
"url": "https://git.kernel.org/stable/c/33650372e3ead97c5ab3b84d9ad97737bc5e00c0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/33650372e3ead97c5ab3b84d9ad97737bc5e00c0"
},
{
"url": "https://git.kernel.org/stable/c/f066171de33d71ff0f7c46bd17636a5a26db3fb6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f066171de33d71ff0f7c46bd17636a5a26db3fb6"
},
{
"url": "https://git.kernel.org/stable/c/77846571b3ba6a6125a20ad109bb8514ba884cf9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/77846571b3ba6a6125a20ad109bb8514ba884cf9"
},
{
"url": "https://git.kernel.org/stable/c/72d9b9747e78979510e9aafdd32eb99c7aa30dd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72d9b9747e78979510e9aafdd32eb99c7aa30dd1"
}
]
},
"generator": {
"engine": "bippy-8df59b4913de"
}
}

18
2024/0xxx/CVE-2024-0044.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
"value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
@ -74,23 +74,7 @@
"url": "https://source.android.com/security/bulletin/2024-03-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-03-01"
},
{
"url": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html",
"refsource": "MISC",
"name": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html"
},
{
"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2",
"refsource": "MISC",
"name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}