admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-15 07:01:32 +00:00
parent 43333bc4fa
commit 265c4e4949
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
100 changed files with 5067 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2022/48xxx/CVE-2022-48772.json
View File

@ -84,7 +84,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -142,6 +142,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2023/52xxx/CVE-2023-52884.json
View File

@ -82,7 +82,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -130,6 +130,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39301.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc2",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -163,6 +163,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39371.json
View File

@ -76,7 +76,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc3",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -119,6 +119,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39461.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -108,6 +108,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39462.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -108,6 +108,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39463.json
View File

@ -76,7 +76,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc2",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -119,6 +119,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39464.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -108,6 +108,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39465.json
View File

@ -64,7 +64,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc3",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -97,6 +97,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39466.json
View File

@ -82,7 +82,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -130,6 +130,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39467.json
View File

@ -84,7 +84,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -142,6 +142,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39468.json
View File

@ -78,7 +78,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc3",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -131,6 +131,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39469.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc3",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -163,6 +163,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39470.json
View File

@ -75,7 +75,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -113,6 +113,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39471.json
View File

@ -84,7 +84,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -142,6 +142,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39472.json
View File

@ -58,7 +58,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -86,6 +86,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39473.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc2",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -108,6 +108,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39474.json
View File

@ -76,7 +76,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -119,6 +119,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39475.json
View File

@ -130,7 +130,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -193,6 +193,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39476.json
View File

@ -120,7 +120,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -183,6 +183,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39477.json
View File

@ -64,7 +64,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc3",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -97,6 +97,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39478.json
View File

@ -54,7 +54,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -87,6 +87,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39479.json
View File

@ -60,7 +60,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -98,6 +98,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39480.json
View File

@ -90,7 +90,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -153,6 +153,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39481.json
View File

@ -76,7 +76,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -119,6 +119,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39482.json
View File

@ -78,7 +78,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -131,6 +131,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39483.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc3",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -108,6 +108,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39484.json
View File

@ -88,7 +88,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -141,6 +141,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39485.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -108,6 +108,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

6
2024/39xxx/CVE-2024-39486.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_file: Fix pid refcounting race\n\n\nfilp->pid is supposed to be a refcounted pointer; however, before this\npatch, drm_file_update_pid() only increments the refcount of a struct\npid after storing a pointer to it in filp->pid and dropping the\ndev->filelist_mutex, making the following race possible:\n\nprocess A process B\n========= =========\n begin drm_file_update_pid\n mutex_lock(&dev->filelist_mutex)\n rcu_replace_pointer(filp->pid, <pid B>, 1)\n mutex_unlock(&dev->filelist_mutex)\nbegin drm_file_update_pid\nmutex_lock(&dev->filelist_mutex)\nrcu_replace_pointer(filp->pid, <pid A>, 1)\nmutex_unlock(&dev->filelist_mutex)\nget_pid(<pid A>)\nsynchronize_rcu()\nput_pid(<pid B>) *** pid B reaches refcount 0 and is freed here ***\n get_pid(<pid B>) *** UAF ***\n synchronize_rcu()\n put_pid(<pid A>)\n\nAs far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y\nbecause it requires RCU to detect a quiescent state in code that is not\nexplicitly calling into the scheduler.\n\nThis race leads to use-after-free of a \"struct pid\".\nIt is probably somewhat hard to hit because process A has to pass\nthrough a synchronize_rcu() operation while process B is between\nmutex_unlock() and get_pid().\n\nFix it by ensuring that by the time a pointer to the current task's pid\nis stored in the file, an extra reference to the pid has been taken.\n\nThis fix also removes the condition for synchronize_rcu(); I think\nthat optimization is unnecessary complexity, since in that case we\nwould usually have bailed out on the lockless check above."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_file: Fix pid refcounting race\n\n<maarten.lankhorst@linux.intel.com>, Maxime Ripard\n<mripard@kernel.org>, Thomas Zimmermann <tzimmermann@suse.de>\n\nfilp->pid is supposed to be a refcounted pointer; however, before this\npatch, drm_file_update_pid() only increments the refcount of a struct\npid after storing a pointer to it in filp->pid and dropping the\ndev->filelist_mutex, making the following race possible:\n\nprocess A process B\n========= =========\n begin drm_file_update_pid\n mutex_lock(&dev->filelist_mutex)\n rcu_replace_pointer(filp->pid, <pid B>, 1)\n mutex_unlock(&dev->filelist_mutex)\nbegin drm_file_update_pid\nmutex_lock(&dev->filelist_mutex)\nrcu_replace_pointer(filp->pid, <pid A>, 1)\nmutex_unlock(&dev->filelist_mutex)\nget_pid(<pid A>)\nsynchronize_rcu()\nput_pid(<pid B>) *** pid B reaches refcount 0 and is freed here ***\n get_pid(<pid B>) *** UAF ***\n synchronize_rcu()\n put_pid(<pid A>)\n\nAs far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y\nbecause it requires RCU to detect a quiescent state in code that is not\nexplicitly calling into the scheduler.\n\nThis race leads to use-after-free of a \"struct pid\".\nIt is probably somewhat hard to hit because process A has to pass\nthrough a synchronize_rcu() operation while process B is between\nmutex_unlock() and get_pid().\n\nFix it by ensuring that by the time a pointer to the current task's pid\nis stored in the file, an extra reference to the pid has been taken.\n\nThis fix also removes the condition for synchronize_rcu(); I think\nthat optimization is unnecessary complexity, since in that case we\nwould usually have bailed out on the lockless check above."
}
]
},
@ -75,7 +75,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc6",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -113,6 +113,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

2
2024/39xxx/CVE-2024-39487.json
View File

@ -76,7 +76,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc7",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

4
2024/39xxx/CVE-2024-39488.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -163,6 +163,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39489.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -163,6 +163,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39490.json
View File

@ -82,7 +82,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -130,6 +130,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39491.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -108,6 +108,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39492.json
View File

@ -64,7 +64,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -97,6 +97,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

4
2024/39xxx/CVE-2024-39493.json
View File

@ -130,7 +130,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
@ -193,6 +193,6 @@
]
},
"generator": {
"engine": "bippy-7d53e8ef8be4"
"engine": "bippy-c9c4e1df01b2"
}
}

2
2024/39xxx/CVE-2024-39494.json
View File

@ -66,7 +66,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39495.json
View File

@ -84,7 +84,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39496.json
View File

@ -66,7 +66,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39497.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc2",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39498.json
View File

@ -64,7 +64,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39499.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39500.json
View File

@ -82,7 +82,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc2",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39501.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39502.json
View File

@ -94,7 +94,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39503.json
View File

@ -119,7 +119,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39504.json
View File

@ -70,7 +70,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39505.json
View File

@ -94,7 +94,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39506.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39507.json
View File

@ -82,7 +82,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39508.json
View File

@ -60,7 +60,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc1",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39509.json
View File

@ -100,7 +100,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc3",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

2
2024/39xxx/CVE-2024-39510.json
View File

@ -74,7 +74,7 @@
"versionType": "custom"
},
{
"version": "6.10-rc4",
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"

4
2024/3xxx/CVE-2024-3727.json
View File

@ -58,7 +58,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.14.4-1.rhaos4.16.el9",
"version": "2:1.14.4-1.rhaos4.16.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -341,7 +341,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
"defaultStatus": "affected"
}
}
]

112
2024/40xxx/CVE-2024-40899.json
View File

@ -1,18 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()\n\nWe got the following issue in a fuzz test of randomly issuing the restore\ncommand:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0\nWrite of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962\n\nCPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542\nCall Trace:\n kasan_report+0x94/0xc0\n cachefiles_ondemand_daemon_read+0x609/0xab0\n vfs_read+0x169/0xb50\n ksys_read+0xf5/0x1e0\n\nAllocated by task 626:\n __kmalloc+0x1df/0x4b0\n cachefiles_ondemand_send_req+0x24d/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n\nFreed by task 626:\n kfree+0xf1/0x2c0\n cachefiles_ondemand_send_req+0x568/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(&REQ_A->done)\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n cachefiles_ondemand_get_fd\n copy_to_user(_buffer, msg, n)\n process_open_req(REQ_A)\n ------ restore ------\n cachefiles_ondemand_restore\n xas_for_each(&xas, req, ULONG_MAX)\n xas_set_mark(&xas, CACHEFILES_REQ_NEW);\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n\n write(devfd, (\"copen %u,%llu\", msg->msg_id, size));\n cachefiles_ondemand_copen\n xa_erase(&cache->reqs, id)\n complete(&REQ_A->done)\n kfree(REQ_A)\n cachefiles_ondemand_get_fd(REQ_A)\n fd = get_unused_fd_flags\n file = anon_inode_getfile\n fd_install(fd, file)\n load = (void *)REQ_A->msg.data;\n load->fd = fd;\n // load UAF !!!\n\nThis issue is caused by issuing a restore command when the daemon is still\nalive, which results in a request being processed multiple times thus\ntriggering a UAF. So to avoid this problem, add an additional reference\ncount to cachefiles_req, which is held while waiting and reading, and then\nreleased when the waiting and reading is over.\n\nNote that since there is only one reference count for waiting, we need to\navoid the same request being completed multiple times, so we can only\ncomplete the request if it is successfully removed from the xarray."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a0cc87f86698",
"version_value": "99e9c5bd27dd"
},
{
"version_affected": "<",
"version_name": "9f5fa40f0924",
"version_value": "a6de82765e12"
},
{
"version_affected": "<",
"version_name": "e73fa11a356c",
"version_value": "1d902d9a3aa4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/99e9c5bd27ddefa0f9db88625bf5e31c1e833d62",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/99e9c5bd27ddefa0f9db88625bf5e31c1e833d62"
},
{
"url": "https://git.kernel.org/stable/c/a6de82765e12fb1201ab607f0d3ffe3309b30fc0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6de82765e12fb1201ab607f0d3ffe3309b30fc0"
},
{
"url": "https://git.kernel.org/stable/c/1d902d9a3aa4f2a8bda698294e34be788be012fc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1d902d9a3aa4f2a8bda698294e34be788be012fc"
},
{
"url": "https://git.kernel.org/stable/c/de3e26f9e5b76fc628077578c001c4a51bf54d06",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de3e26f9e5b76fc628077578c001c4a51bf54d06"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40900.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: remove requests from xarray during flushing requests\n\nEven with CACHEFILES_DEAD set, we can still read the requests, so in the\nfollowing concurrency the request may be used after it has been freed:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(&REQ_A->done)\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n // close dev fd\n cachefiles_flush_reqs\n complete(&REQ_A->done)\n kfree(REQ_A)\n xa_lock(&cache->reqs);\n cachefiles_ondemand_select_req\n req->msg.opcode != CACHEFILES_OP_READ\n // req use-after-free !!!\n xa_unlock(&cache->reqs);\n xa_destroy(&cache->reqs)\n\nHence remove requests from cache->reqs when flushing them to avoid\naccessing freed requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c8383054506c",
"version_value": "9f13aacdd4ee"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9f13aacdd4ee9a7644b2a3c96d67113cd083c9c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9f13aacdd4ee9a7644b2a3c96d67113cd083c9c7"
},
{
"url": "https://git.kernel.org/stable/c/50d0e55356ba5b84ffb51c42704126124257e598",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/50d0e55356ba5b84ffb51c42704126124257e598"
},
{
"url": "https://git.kernel.org/stable/c/37e19cf86a520d65de1de9cb330415c332a40d19",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/37e19cf86a520d65de1de9cb330415c332a40d19"
},
{
"url": "https://git.kernel.org/stable/c/0fc75c5940fa634d84e64c93bfc388e1274ed013",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0fc75c5940fa634d84e64c93bfc388e1274ed013"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

158
2024/40xxx/CVE-2024-40901.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory\n\nThere is a potential out-of-bounds access when using test_bit() on a single\nword. The test_bit() and set_bit() functions operate on long values, and\nwhen testing or setting a single word, they can exceed the word\nboundary. KASAN detects this issue and produces a dump:\n\n\t BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas\n\n\t Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965\n\nFor full log, please look at [1].\n\nMake the allocation at least the size of sizeof(unsigned long) so that\nset_bit() and test_bit() have sufficient room for read/write operations\nwithout overwriting unallocated memory.\n\n[1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c696f7b83ede",
"version_value": "e9bce7c751f6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee"
},
{
"url": "https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2"
},
{
"url": "https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16"
},
{
"url": "https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801"
},
{
"url": "https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c"
},
{
"url": "https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5"
},
{
"url": "https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674"
},
{
"url": "https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

148
2024/40xxx/CVE-2024-40902.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "f0dedb5c511e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f"
},
{
"url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a"
},
{
"url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0"
},
{
"url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7"
},
{
"url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123"
},
{
"url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69"
},
{
"url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f"
},
{
"url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

124
2024/40xxx/CVE-2024-40903.json
View File

@ -1,18 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\n\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n * new (say invalid) source caps are advertised\n * the existing source caps are unregistered\n * tcpm_register_source_caps() returns with an error as\n usb_power_delivery_register_capabilities() fails\n\nThis causes port->partner_source_caps to hold on to the now freed source\ncaps.\n\nReset port->partner_source_caps value to NULL after unregistering\nexisting source caps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cfcd544a9974",
"version_value": "4053696594d7"
},
{
"version_affected": "<",
"version_name": "b16abab1fb64",
"version_value": "04c05d50fa79"
},
{
"version_affected": "<",
"version_name": "230ecdf71a64",
"version_value": "6b67b652849f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3"
},
{
"url": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5"
},
{
"url": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b"
},
{
"url": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

158
2024/40xxx/CVE-2024-40904.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9908a32e94de",
"version_value": "217d1f44fff5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.28",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.28",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56"
},
{
"url": "https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28"
},
{
"url": "https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c"
},
{
"url": "https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879"
},
{
"url": "https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94"
},
{
"url": "https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a"
},
{
"url": "https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c"
},
{
"url": "https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

147
2024/40xxx/CVE-2024-40905.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d52d3997f843",
"version_value": "c90af1cced2f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.2",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c90af1cced2f669a7b2304584be4ada495eaa0e5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c90af1cced2f669a7b2304584be4ada495eaa0e5"
},
{
"url": "https://git.kernel.org/stable/c/c693698787660c97950bc1f93a8dd19d8307153d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c693698787660c97950bc1f93a8dd19d8307153d"
},
{
"url": "https://git.kernel.org/stable/c/a0bc020592b54a8f3fa2b7f244b6e39e526c2e12",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a0bc020592b54a8f3fa2b7f244b6e39e526c2e12"
},
{
"url": "https://git.kernel.org/stable/c/2498960dac9b6fc49b6d1574f7cd1a4872744adf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2498960dac9b6fc49b6d1574f7cd1a4872744adf"
},
{
"url": "https://git.kernel.org/stable/c/7e796c3fefa8b17b30e7252886ae8cffacd2b9ef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e796c3fefa8b17b30e7252886ae8cffacd2b9ef"
},
{
"url": "https://git.kernel.org/stable/c/09e5a5a80e205922151136069e440477d6816914",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/09e5a5a80e205922151136069e440477d6816914"
},
{
"url": "https://git.kernel.org/stable/c/b01e1c030770ff3b4fe37fc7cc6bca03f594133f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b01e1c030770ff3b4fe37fc7cc6bca03f594133f"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40906.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always stop health timer during driver removal\n\nCurrently, if teardown_hca fails to execute during driver removal, mlx5\ndoes not stop the health timer. Afterwards, mlx5 continue with driver\nteardown. This may lead to a UAF bug, which results in page fault\nOops[1], since the health timer invokes after resources were freed.\n\nHence, stop the health monitor even if teardown_hca fails.\n\n[1]\nmlx5_core 0000:18:00.0: E-Switch: Unload vfs: mode(LEGACY), nvfs(0), necvfs(0), active vports(0)\nmlx5_core 0000:18:00.0: E-Switch: Disable: mode(LEGACY), nvfs(0), necvfs(0), active vports(0)\nmlx5_core 0000:18:00.0: E-Switch: Disable: mode(LEGACY), nvfs(0), necvfs(0), active vports(0)\nmlx5_core 0000:18:00.0: E-Switch: cleanup\nmlx5_core 0000:18:00.0: wait_func:1155:(pid 1967079): TEARDOWN_HCA(0x103) timeout. Will cause a leak of a command resource\nmlx5_core 0000:18:00.0: mlx5_function_close:1288:(pid 1967079): tear_down_hca failed, skip cleanup\nBUG: unable to handle page fault for address: ffffa26487064230\nPGD 100c00067 P4D 100c00067 PUD 100e5a067 PMD 105ed7067 PTE 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Tainted: G OE ------- --- 6.7.0-68.fc38.x86_64 #1\nHardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020\nRIP: 0010:ioread32be+0x34/0x60\nRSP: 0018:ffffa26480003e58 EFLAGS: 00010292\nRAX: ffffa26487064200 RBX: ffff9042d08161a0 RCX: ffff904c108222c0\nRDX: 000000010bbf1b80 RSI: ffffffffc055ddb0 RDI: ffffa26487064230\nRBP: ffff9042d08161a0 R08: 0000000000000022 R09: ffff904c108222e8\nR10: 0000000000000004 R11: 0000000000000441 R12: ffffffffc055ddb0\nR13: ffffa26487064200 R14: ffffa26480003f00 R15: ffff904c108222c0\nFS: 0000000000000000(0000) GS:ffff904c10800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffa26487064230 CR3: 00000002c4420006 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x175/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_poll_health+0x10/0x10 [mlx5_core]\n ? __pfx_poll_health+0x10/0x10 [mlx5_core]\n ? ioread32be+0x34/0x60\n mlx5_health_check_fatal_sensors+0x20/0x100 [mlx5_core]\n ? __pfx_poll_health+0x10/0x10 [mlx5_core]\n poll_health+0x42/0x230 [mlx5_core]\n ? __next_timer_interrupt+0xbc/0x110\n ? __pfx_poll_health+0x10/0x10 [mlx5_core]\n call_timer_fn+0x21/0x130\n ? __pfx_poll_health+0x10/0x10 [mlx5_core]\n __run_timers+0x222/0x2c0\n run_timer_softirq+0x1d/0x40\n __do_softirq+0xc9/0x2c8\n __irq_exit_rcu+0xa6/0xc0\n sysvec_apic_timer_interrupt+0x72/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:cpuidle_enter_state+0xcc/0x440\n ? cpuidle_enter_state+0xbd/0x440\n cpuidle_enter+0x2d/0x40\n do_idle+0x20d/0x270\n cpu_startup_entry+0x2a/0x30\n rest_init+0xd0/0xd0\n arch_call_rest_init+0xe/0x30\n start_kernel+0x709/0xa90\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x96/0xa0\n secondary_startup_64_no_verify+0x18f/0x19b\n---[ end trace 0000000000000000 ]---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9b98d395b85d",
"version_value": "e7d4485d4783"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.1",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e7d4485d47839f4d1284592ae242c4e65b2810a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e7d4485d47839f4d1284592ae242c4e65b2810a9"
},
{
"url": "https://git.kernel.org/stable/c/6ccada6ffb42e0ac75e3db06d41baf5a7f483f8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6ccada6ffb42e0ac75e3db06d41baf5a7f483f8a"
},
{
"url": "https://git.kernel.org/stable/c/e6777ae0bf6fd5bc626bb051c8c93e3c8198a3f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e6777ae0bf6fd5bc626bb051c8c93e3c8198a3f8"
},
{
"url": "https://git.kernel.org/stable/c/c8b3f38d2dae0397944814d691a419c451f9906f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c8b3f38d2dae0397944814d691a419c451f9906f"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

92
2024/40xxx/CVE-2024-40907.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: fix kernel panic in XDP_TX action\n\nIn the XDP_TX path, ionic driver sends a packet to the TX path with rx\npage and corresponding dma address.\nAfter tx is done, ionic_tx_clean() frees that page.\nBut RX ring buffer isn't reset to NULL.\nSo, it uses a freed page, which causes kernel panic.\n\nBUG: unable to handle page fault for address: ffff8881576c110c\nPGD 773801067 P4D 773801067 PUD 87f086067 PMD 87efca067 PTE 800ffffea893e060\nOops: Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI\nCPU: 1 PID: 25 Comm: ksoftirqd/1 Not tainted 6.9.0+ #11\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bpf_prog_f0b8caeac1068a55_balancer_ingress+0x3b/0x44f\nCode: 00 53 41 55 41 56 41 57 b8 01 00 00 00 48 8b 5f 08 4c 8b 77 00 4c 89 f7 48 83 c7 0e 48 39 d8\nRSP: 0018:ffff888104e6fa28 EFLAGS: 00010283\nRAX: 0000000000000002 RBX: ffff8881576c1140 RCX: 0000000000000002\nRDX: ffffffffc0051f64 RSI: ffffc90002d33048 RDI: ffff8881576c110e\nRBP: ffff888104e6fa88 R08: 0000000000000000 R09: ffffed1027a04a23\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff8881b03a21a8\nR13: ffff8881589f800f R14: ffff8881576c1100 R15: 00000001576c1100\nFS: 0000000000000000(0000) GS:ffff88881ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffff8881576c110c CR3: 0000000767a90000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n<TASK>\n? __die+0x20/0x70\n? page_fault_oops+0x254/0x790\n? __pfx_page_fault_oops+0x10/0x10\n? __pfx_is_prefetch.constprop.0+0x10/0x10\n? search_bpf_extables+0x165/0x260\n? fixup_exception+0x4a/0x970\n? exc_page_fault+0xcb/0xe0\n? asm_exc_page_fault+0x22/0x30\n? 0xffffffffc0051f64\n? bpf_prog_f0b8caeac1068a55_balancer_ingress+0x3b/0x44f\n? do_raw_spin_unlock+0x54/0x220\nionic_rx_service+0x11ab/0x3010 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\n? ionic_tx_clean+0x29b/0xc60 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\n? __pfx_ionic_tx_clean+0x10/0x10 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\n? __pfx_ionic_rx_service+0x10/0x10 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\n? ionic_tx_cq_service+0x25d/0xa00 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\n? __pfx_ionic_rx_service+0x10/0x10 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\nionic_cq_service+0x69/0x150 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\nionic_txrx_napi+0x11a/0x540 [ionic 9180c3001ab627d82bbc5f3ebe8a0decaf6bb864]\n__napi_poll.constprop.0+0xa0/0x440\nnet_rx_action+0x7e7/0xc30\n? __pfx_net_rx_action+0x10/0x10"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8eeed8373e1c",
"version_value": "8812aa35f3e9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8812aa35f3e930f61074b9c1ecea26f354992c21",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8812aa35f3e930f61074b9c1ecea26f354992c21"
},
{
"url": "https://git.kernel.org/stable/c/491aee894a08bc9b8bb52e7363b9d4bc6403f363",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/491aee894a08bc9b8bb52e7363b9d4bc6403f363"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

125
2024/40xxx/CVE-2024-40908.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Set run context for rawtp test_run callback\n\nsyzbot reported crash when rawtp program executed through the\ntest_run interface calls bpf_get_attach_cookie helper or any\nother helper that touches task->bpf_ctx pointer.\n\nSetting the run context (task->bpf_ctx pointer) for test_run\ncallback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7adfc6c9b315",
"version_value": "789bd77c9342"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/789bd77c9342aa6125003871ae5c6034d0f6f9d2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/789bd77c9342aa6125003871ae5c6034d0f6f9d2"
},
{
"url": "https://git.kernel.org/stable/c/3708b6c2546c9eb34aead8a34a17e8ae69004e4d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3708b6c2546c9eb34aead8a34a17e8ae69004e4d"
},
{
"url": "https://git.kernel.org/stable/c/d387805d4b4a46ee01e3dae133c81b6d80195e5b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d387805d4b4a46ee01e3dae133c81b6d80195e5b"
},
{
"url": "https://git.kernel.org/stable/c/ae0ba0ab7475a129ef7d449966edf677367efeb4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ae0ba0ab7475a129ef7d449966edf677367efeb4"
},
{
"url": "https://git.kernel.org/stable/c/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

108
2024/40xxx/CVE-2024-40909.json
View File

@ -1,18 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a potential use-after-free in bpf_link_free()\n\nAfter commit 1a80dbcb2dba, bpf_link can be freed by\nlink->ops->dealloc_deferred, but the code still tests and uses\nlink->ops->dealloc afterward, which leads to a use-after-free as\nreported by syzbot. Actually, one of them should be sufficient, so\njust call one of them instead of both. Also add a WARN_ON() in case\nof any problematic implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "876941f533e7",
"version_value": "91cff53136da"
},
{
"version_affected": "<",
"version_name": "1a80dbcb2dba",
"version_value": "fa97b8fed989"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/91cff53136daeff50816b0baeafd38a6976f6209",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/91cff53136daeff50816b0baeafd38a6976f6209"
},
{
"url": "https://git.kernel.org/stable/c/fa97b8fed9896f1e89cb657513e483a152d4c382",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa97b8fed9896f1e89cb657513e483a152d4c382"
},
{
"url": "https://git.kernel.org/stable/c/2884dc7d08d98a89d8d65121524bb7533183a63a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2884dc7d08d98a89d8d65121524bb7533183a63a"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40910.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount imbalance on inbound connections\n\nWhen releasing a socket in ax25_release(), we call netdev_put() to\ndecrease the refcount on the associated ax.25 device. However, the\nexecution path for accepting an incoming connection never calls\nnetdev_hold(). This imbalance leads to refcount errors, and ultimately\nto kernel crashes.\n\nA typical call trace for the above situation will start with one of the\nfollowing errors:\n\n refcount_t: decrement hit 0; leaking memory.\n refcount_t: underflow; use-after-free.\n\nAnd will then have a trace like:\n\n Call Trace:\n <TASK>\n ? show_regs+0x64/0x70\n ? __warn+0x83/0x120\n ? refcount_warn_saturate+0xb2/0x100\n ? report_bug+0x158/0x190\n ? prb_read_valid+0x20/0x30\n ? handle_bug+0x3e/0x70\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? refcount_warn_saturate+0xb2/0x100\n ? refcount_warn_saturate+0xb2/0x100\n ax25_release+0x2ad/0x360\n __sock_release+0x35/0xa0\n sock_close+0x19/0x20\n [...]\n\nOn reboot (or any attempt to remove the interface), the kernel gets\nstuck in an infinite loop:\n\n unregister_netdevice: waiting for ax0 to become free. Usage count = 0\n\nThis patch corrects these issues by ensuring that we call netdev_hold()\nand ax25_dev_hold() for new connections in ax25_accept(). This makes the\nlogic leading to ax25_accept() match the logic for ax25_bind(): in both\ncases we increment the refcount, which is ultimately decremented in\nax25_release()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9fd75b66b8f6",
"version_value": "f4df9d6c8d4e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.18",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f4df9d6c8d4e4c818252b0419c2165d66eabd4eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f4df9d6c8d4e4c818252b0419c2165d66eabd4eb"
},
{
"url": "https://git.kernel.org/stable/c/52100fd74ad07b53a4666feafff1cd11436362d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52100fd74ad07b53a4666feafff1cd11436362d3"
},
{
"url": "https://git.kernel.org/stable/c/a723a6c8d4831cc8e2c7b0c9f3f0c010d4671964",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a723a6c8d4831cc8e2c7b0c9f3f0c010d4671964"
},
{
"url": "https://git.kernel.org/stable/c/3c34fb0bd4a4237592c5ecb5b2e2531900c55774",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3c34fb0bd4a4237592c5ecb5b2e2531900c55774"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

125
2024/40xxx/CVE-2024-40911.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Lock wiphy in cfg80211_get_station\n\nWiphy should be locked before calling rdev_get_station() (see lockdep\nassert in ieee80211_get_station()).\n\nThis fixes the following kernel NULL dereference:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Mem abort info:\n ESR = 0x0000000096000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=0000000003001000\n [0000000000000050] pgd=0800000002dca003, p4d=0800000002dca003, pud=08000000028e9003, pmd=0000000000000000\n Internal error: Oops: 0000000096000006 [#1] SMP\n Modules linked in: netconsole dwc3_meson_g12a dwc3_of_simple dwc3 ip_gre gre ath10k_pci ath10k_core ath9k ath9k_common ath9k_hw ath\n CPU: 0 PID: 1091 Comm: kworker/u8:0 Not tainted 6.4.0-02144-g565f9a3a7911-dirty #705\n Hardware name: RPT (r1) (DT)\n Workqueue: bat_events batadv_v_elp_throughput_metric_update\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n lr : sta_set_sinfo+0xcc/0xbd4\n sp : ffff000007b43ad0\n x29: ffff000007b43ad0 x28: ffff0000071fa900 x27: ffff00000294ca98\n x26: ffff000006830880 x25: ffff000006830880 x24: ffff00000294c000\n x23: 0000000000000001 x22: ffff000007b43c90 x21: ffff800008898acc\n x20: ffff00000294c6e8 x19: ffff000007b43c90 x18: 0000000000000000\n x17: 445946354d552d78 x16: 62661f7200000000 x15: 57464f445946354d\n x14: 0000000000000000 x13: 00000000000000e3 x12: d5f0acbcebea978e\n x11: 00000000000000e3 x10: 000000010048fe41 x9 : 0000000000000000\n x8 : ffff000007b43d90 x7 : 000000007a1e2125 x6 : 0000000000000000\n x5 : ffff0000024e0900 x4 : ffff800000a0250c x3 : ffff000007b43c90\n x2 : ffff00000294ca98 x1 : ffff000006831920 x0 : 0000000000000000\n Call trace:\n ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n sta_set_sinfo+0xcc/0xbd4\n ieee80211_get_station+0x2c/0x44\n cfg80211_get_station+0x80/0x154\n batadv_v_elp_get_throughput+0x138/0x1fc\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x1ec/0x414\n worker_thread+0x70/0x46c\n kthread+0xdc/0xe0\n ret_from_fork+0x10/0x20\n Code: a9bb7bfd 910003fd a90153f3 f9411c40 (f9402814)\n\nThis happens because STA has time to disconnect and reconnect before\nbatadv_v_elp_throughput_metric_update() delayed work gets scheduled. In\nthis situation, ath10k_sta_state() can be in the middle of resetting\narsta data when the work queue get chance to be scheduled and ends up\naccessing it. Locking wiphy prevents that."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7406353d43c8",
"version_value": "dfd84ce41663"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.16",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dfd84ce41663be9ca3f69bd657c45f49b69344d9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dfd84ce41663be9ca3f69bd657c45f49b69344d9"
},
{
"url": "https://git.kernel.org/stable/c/6d540b0317901535275020bd4ac44fac6439ca76",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6d540b0317901535275020bd4ac44fac6439ca76"
},
{
"url": "https://git.kernel.org/stable/c/0ccc63958d8373e15a69f4f8069f3e78f7f3898a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0ccc63958d8373e15a69f4f8069f3e78f7f3898a"
},
{
"url": "https://git.kernel.org/stable/c/43e1eefb0b2094e2281150d87d09e8bc872b9fba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/43e1eefb0b2094e2281150d87d09e8bc872b9fba"
},
{
"url": "https://git.kernel.org/stable/c/642f89daa34567d02f312d03e41523a894906dae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/642f89daa34567d02f312d03e41523a894906dae"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

158
2024/40xxx/CVE-2024-40912.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1d147bfa6429",
"version_value": "e51637e0c66a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.14",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e51637e0c66a6f72d134d9f95daa47ea62b43c7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e51637e0c66a6f72d134d9f95daa47ea62b43c7e"
},
{
"url": "https://git.kernel.org/stable/c/28ba44d680a30c51cf485a2f5a3b680e66ed3932",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28ba44d680a30c51cf485a2f5a3b680e66ed3932"
},
{
"url": "https://git.kernel.org/stable/c/e7e916d693dcb5a297f40312600a82475f2e63bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e7e916d693dcb5a297f40312600a82475f2e63bc"
},
{
"url": "https://git.kernel.org/stable/c/d90bdff79f8e40adf889b5408bfcf521528b169f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d90bdff79f8e40adf889b5408bfcf521528b169f"
},
{
"url": "https://git.kernel.org/stable/c/9c49b58b9a2bed707e7638576e54c4bccd97b9eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9c49b58b9a2bed707e7638576e54c4bccd97b9eb"
},
{
"url": "https://git.kernel.org/stable/c/456bbb8a31e425177dc0e8d4f98728a560c20e81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/456bbb8a31e425177dc0e8d4f98728a560c20e81"
},
{
"url": "https://git.kernel.org/stable/c/47d176755d5c0baf284eff039560f8c1ba0ea485",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/47d176755d5c0baf284eff039560f8c1ba0ea485"
},
{
"url": "https://git.kernel.org/stable/c/44c06bbde6443de206b30f513100b5670b23fc5e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/44c06bbde6443de206b30f513100b5670b23fc5e"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40913.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: defer exposing anon_fd until after copy_to_user() succeeds\n\nAfter installing the anonymous fd, we can now see it in userland and close\nit. However, at this point we may not have gotten the reference count of\nthe cache, but we will put it during colse fd, so this may cause a cache\nUAF.\n\nSo grab the cache reference count before fd_install(). In addition, by\nkernel convention, fd is taken over by the user land after fd_install(),\nand the kernel should not call close_fd() after that, i.e., it should call\nfd_install() after everything is ready, thus fd_install() is called after\ncopy_to_user() succeeds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c8383054506c",
"version_value": "eac51d9daacd"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/eac51d9daacd61dcc93333ff6a890cf3efc8c1c0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eac51d9daacd61dcc93333ff6a890cf3efc8c1c0"
},
{
"url": "https://git.kernel.org/stable/c/d2d3eb377a5d081bf2bed177d354a4f59b74da88",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2d3eb377a5d081bf2bed177d354a4f59b74da88"
},
{
"url": "https://git.kernel.org/stable/c/b9f58cdae6a364a3270fd6b6a46e0fd4f7f8ce32",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b9f58cdae6a364a3270fd6b6a46e0fd4f7f8ce32"
},
{
"url": "https://git.kernel.org/stable/c/4b4391e77a6bf24cba2ef1590e113d9b73b11039",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b4391e77a6bf24cba2ef1590e113d9b73b11039"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

130
2024/40xxx/CVE-2024-40914.json
View File

@ -1,18 +1,140 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: don't unpoison huge_zero_folio\n\nWhen I did memory failure tests recently, below panic occurs:\n\n kernel BUG at include/linux/mm.h:1135!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n Call Trace:\n <TASK>\n do_shrink_slab+0x14f/0x6a0\n shrink_slab+0xca/0x8c0\n shrink_node+0x2d0/0x7d0\n balance_pgdat+0x33a/0x720\n kswapd+0x1f3/0x410\n kthread+0xd5/0x100\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n Modules linked in: mce_inject hwpoison_inject\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n\nThe root cause is that HWPoison flag will be set for huge_zero_folio\nwithout increasing the folio refcnt. But then unpoison_memory() will\ndecrease the folio refcnt unexpectedly as it appears like a successfully\nhwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when\nreleasing huge_zero_folio.\n\nSkip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. \nWe're not prepared to unpoison huge_zero_folio yet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f8f836100fff",
"version_value": "688bb46ad339"
},
{
"version_affected": "<",
"version_name": "478d134e9506",
"version_value": "b2494506f306"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.18",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/688bb46ad339497b5b7f527b6636d2afe04b46af",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/688bb46ad339497b5b7f527b6636d2afe04b46af"
},
{
"url": "https://git.kernel.org/stable/c/b2494506f30675245a3e6787281f79601af087bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b2494506f30675245a3e6787281f79601af087bf"
},
{
"url": "https://git.kernel.org/stable/c/0d73477af964dbd7396163a13817baf13940bca9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d73477af964dbd7396163a13817baf13940bca9"
},
{
"url": "https://git.kernel.org/stable/c/d72b7711919de49d92a67dfc844a6cf4c23dd794",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d72b7711919de49d92a67dfc844a6cf4c23dd794"
},
{
"url": "https://git.kernel.org/stable/c/fe6f86f4b40855a130a19aa589f9ba7f650423f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe6f86f4b40855a130a19aa589f9ba7f650423f4"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40915.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm's semaphore, and this operation may sleep. This is\nproblematic, because __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[<ffffffff800060dc>] dump_backtrace+0x1c/0x24\n[<ffffffff8091ef6e>] show_stack+0x2c/0x38\n[<ffffffff8092baf8>] dump_stack_lvl+0x5a/0x72\n[<ffffffff8092bb24>] dump_stack+0x14/0x1c\n[<ffffffff8003b7ac>] __might_resched+0x104/0x10e\n[<ffffffff8003b7f4>] __might_sleep+0x3e/0x62\n[<ffffffff8093276a>] down_write+0x20/0x72\n[<ffffffff8000cf00>] __set_memory+0x82/0x2fa\n[<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4\n[<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a\n[<ffffffff8018ee82>] __vmalloc_node_range+0x196/0x6ba\n[<ffffffff80011904>] copy_process+0x72c/0x17ec\n[<ffffffff80012ab4>] kernel_clone+0x60/0x2fe\n[<ffffffff80012f62>] kernel_thread+0x82/0xa0\n[<ffffffff8003552c>] kthreadd+0x14a/0x1be\n[<ffffffff809357de>] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5fde3db5eb02",
"version_value": "919f8626099d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/919f8626099d9909b9a9620b05e8c8ab06581876",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/919f8626099d9909b9a9620b05e8c8ab06581876"
},
{
"url": "https://git.kernel.org/stable/c/8661a7af04991201640863ad1a0983173f84b5eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8661a7af04991201640863ad1a0983173f84b5eb"
},
{
"url": "https://git.kernel.org/stable/c/d5257ceb19d92069195254866421f425aea42915",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d5257ceb19d92069195254866421f425aea42915"
},
{
"url": "https://git.kernel.org/stable/c/fb1cf0878328fe75d47f0aed0a65b30126fcefc4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb1cf0878328fe75d47f0aed0a65b30126fcefc4"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

172
2024/40xxx/CVE-2024-40916.json
View File

@ -1,18 +1,182 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "348aa3d47e8b",
"version_value": "e23f2eaf51ec"
},
{
"version_affected": "<",
"version_name": "a8cb3b072403",
"version_value": "4dfffb50316c"
},
{
"version_affected": "<",
"version_name": "912c149a52c3",
"version_value": "6d6bb258d886"
},
{
"version_affected": "<",
"version_name": "8f914db6fe25",
"version_value": "c3ca24dfe9a2"
},
{
"version_affected": "<",
"version_name": "b71ae5fb2dd3",
"version_value": "35bcf16b4a28"
},
{
"version_affected": "<",
"version_name": "13d5b040363c",
"version_value": "510a6c0dfa6e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222"
},
{
"url": "https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9"
},
{
"url": "https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028"
},
{
"url": "https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec"
},
{
"url": "https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f"
},
{
"url": "https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632"
},
{
"url": "https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

92
2024/40xxx/CVE-2024-40917.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemblock: make memblock_set_node() also warn about use of MAX_NUMNODES\n\nOn an (old) x86 system with SRAT just covering space above 4Gb:\n\n ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0xfffffffff] hotplug\n\nthe commit referenced below leads to this NUMA configuration no longer\nbeing refused by a CONFIG_NUMA=y kernel (previously\n\n NUMA: nodes only cover 6144MB of your 8185MB e820 RAM. Not used.\n No NUMA configuration found\n Faking a node at [mem 0x0000000000000000-0x000000027fffffff]\n\nwas seen in the log directly after the message quoted above), because of\nmemblock_validate_numa_coverage() checking for NUMA_NO_NODE (only). This\nin turn led to memblock_alloc_range_nid()'s warning about MAX_NUMNODES\ntriggering, followed by a NULL deref in memmap_init() when trying to\naccess node 64's (NODE_SHIFT=6) node data.\n\nTo compensate said change, make memblock_set_node() warn on and adjust\na passed in value of MAX_NUMNODES, just like various other functions\nalready do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ff6c3d81f2e8",
"version_value": "22f742b8f738"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/22f742b8f738918f683198a18ec3c691acda14c4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/22f742b8f738918f683198a18ec3c691acda14c4"
},
{
"url": "https://git.kernel.org/stable/c/e0eec24e2e199873f43df99ec39773ad3af2bff7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e0eec24e2e199873f43df99ec39773ad3af2bff7"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

93
2024/40xxx/CVE-2024-40918.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Try to fix random segmentation faults in package builds\n\nPA-RISC systems with PA8800 and PA8900 processors have had problems\nwith random segmentation faults for many years. Systems with earlier\nprocessors are much more stable.\n\nSystems with PA8800 and PA8900 processors have a large L2 cache which\nneeds per page flushing for decent performance when a large range is\nflushed. The combined cache in these systems is also more sensitive to\nnon-equivalent aliases than the caches in earlier systems.\n\nThe majority of random segmentation faults that I have looked at\nappear to be memory corruption in memory allocated using mmap and\nmalloc.\n\nMy first attempt at fixing the random faults didn't work. On\nreviewing the cache code, I realized that there were two issues\nwhich the existing code didn't handle correctly. Both relate\nto cache move-in. Another issue is that the present bit in PTEs\nis racy.\n\n1) PA-RISC caches have a mind of their own and they can speculatively\nload data and instructions for a page as long as there is a entry in\nthe TLB for the page which allows move-in. TLBs are local to each\nCPU. Thus, the TLB entry for a page must be purged before flushing\nthe page. This is particularly important on SMP systems.\n\nIn some of the flush routines, the flush routine would be called\nand then the TLB entry would be purged. This was because the flush\nroutine needed the TLB entry to do the flush.\n\n2) My initial approach to trying the fix the random faults was to\ntry and use flush_cache_page_if_present for all flush operations.\nThis actually made things worse and led to a couple of hardware\nlockups. It finally dawned on me that some lines weren't being\nflushed because the pte check code was racy. This resulted in\nrandom inequivalent mappings to physical pages.\n\nThe __flush_cache_page tmpalias flush sets up its own TLB entry\nand it doesn't need the existing TLB entry. As long as we can find\nthe pte pointer for the vm page, we can get the pfn and physical\naddress of the page. We can also purge the TLB entry for the page\nbefore doing the flush. Further, __flush_cache_page uses a special\nTLB entry that inhibits cache move-in.\n\nWhen switching page mappings, we need to ensure that lines are\nremoved from the cache. It is not sufficient to just flush the\nlines to memory as they may come back.\n\nThis made it clear that we needed to implement all the required\nflush operations using tmpalias routines. This includes flushes\nfor user and kernel pages.\n\nAfter modifying the code to use tmpalias flushes, it became clear\nthat the random segmentation faults were not fully resolved. The\nfrequency of faults was worse on systems with a 64 MB L2 (PA8900)\nand systems with more CPUs (rp4440).\n\nThe warning that I added to flush_cache_page_if_present to detect\npages that couldn't be flushed triggered frequently on some systems.\n\nHelge and I looked at the pages that couldn't be flushed and found\nthat the PTE was either cleared or for a swap page. Ignoring pages\nthat were swapped out seemed okay but pages with cleared PTEs seemed\nproblematic.\n\nI looked at routines related to pte_clear and noticed ptep_clear_flush.\nThe default implementation just flushes the TLB entry. However, it was\nobvious that on parisc we need to flush the cache page as well. If\nwe don't flush the cache page, stale lines will be left in the cache\nand cause random corruption. Once a PTE is cleared, there is no way\nto find the physical address associated with the PTE and flush the\nassociated page at a later time.\n\nI implemented an updated change with a parisc specific version of\nptep_clear_flush. It fixed the random data corruption on Helge's rp4440\nand rp3440, as well as on my c8000.\n\nAt this point, I realized that I could restore the code where we only\nflush in flush_cache_page_if_present if the page has been accessed.\nHowever, for this, we also need to flush the cache when the accessed\nbit is cleared in\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "5bf196f1936b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5bf196f1936bf93df31112fbdfb78c03537c07b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5bf196f1936bf93df31112fbdfb78c03537c07b0"
},
{
"url": "https://git.kernel.org/stable/c/d66f2607d89f760cdffed88b22f309c895a2af20",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d66f2607d89f760cdffed88b22f309c895a2af20"
},
{
"url": "https://git.kernel.org/stable/c/72d95924ee35c8cd16ef52f912483ee938a34d49",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72d95924ee35c8cd16ef52f912483ee938a34d49"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40919.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()\n\nIn case of token is released due to token->state == BNXT_HWRM_DEFERRED,\nreleased token (set to NULL) is used in log messages. This issue is\nexpected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But\nthis error code is returned by recent firmware. So some firmware may not\nreturn it. This may lead to NULL pointer dereference.\nAdjust this issue by adding token pointer check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8fa4219dba8e",
"version_value": "cde177fa235c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.17",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9"
},
{
"url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf"
},
{
"url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9"
},
{
"url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

102
2024/40xxx/CVE-2024-40920.json
View File

@ -1,18 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8ca9a750fc71",
"version_value": "caaa2129784a"
},
{
"version_affected": "<",
"version_name": "4488617e5e99",
"version_value": "7caefa277172"
},
{
"version_affected": "<",
"version_name": "e43dd2b1ec74",
"version_value": "406bfc04b01e"
},
{
"version_affected": "<",
"version_name": "3a7c1661ae13",
"version_value": "546ceb1dfdac"
},
{
"version_affected": "<",
"version_name": "6.1.93",
"version_value": "6.1.95"
},
{
"version_affected": "<",
"version_name": "6.6.33",
"version_value": "6.6.35"
},
{
"version_affected": "<",
"version_name": "6.9.3",
"version_value": "6.9.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"
},
{
"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"
},
{
"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"
},
{
"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

102
2024/40xxx/CVE-2024-40921.json
View File

@ -1,18 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: pass vlan group directly to br_mst_vlan_set_state\n\nPass the already obtained vlan group pointer to br_mst_vlan_set_state()\ninstead of dereferencing it again. Each caller has already correctly\ndereferenced it for their context. This change is required for the\nfollowing suspicious RCU dereference fix. No functional changes\nintended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8ca9a750fc71",
"version_value": "09f4337c27f5"
},
{
"version_affected": "<",
"version_name": "4488617e5e99",
"version_value": "a6cc9e9a651b"
},
{
"version_affected": "<",
"version_name": "e43dd2b1ec74",
"version_value": "d2dc02775fc0"
},
{
"version_affected": "<",
"version_name": "3a7c1661ae13",
"version_value": "36c92936e868"
},
{
"version_affected": "<",
"version_name": "6.1.93",
"version_value": "6.1.95"
},
{
"version_affected": "<",
"version_name": "6.6.33",
"version_value": "6.6.35"
},
{
"version_affected": "<",
"version_name": "6.9.3",
"version_value": "6.9.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff"
},
{
"url": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca"
},
{
"url": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5"
},
{
"url": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

103
2024/40xxx/CVE-2024-40922.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40922",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: don't lock while !TASK_RUNNING\n\nThere is a report of io_rsrc_ref_quiesce() locking a mutex while not\nTASK_RUNNING, which is due to forgetting restoring the state back after\nio_run_task_work_sig() and attempts to break out of the waiting loop.\n\ndo not call blocking ops when !TASK_RUNNING; state=1 set at\n[<ffffffff815d2494>] prepare_to_wait+0xa4/0x380\nkernel/sched/wait.c:237\nWARNING: CPU: 2 PID: 397056 at kernel/sched/core.c:10099\n__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nRIP: 0010:__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nCall Trace:\n <TASK>\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0xb4/0x940 kernel/locking/mutex.c:752\n io_rsrc_ref_quiesce+0x590/0x940 io_uring/rsrc.c:253\n io_sqe_buffers_unregister+0xa2/0x340 io_uring/rsrc.c:799\n __io_uring_register io_uring/register.c:424 [inline]\n __do_sys_io_uring_register+0x5b9/0x2400 io_uring/register.c:613\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6f/0x77"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4ea15b56f081",
"version_value": "0c9df3df0c88"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.4",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0c9df3df0c888d9ec8d11a68474a4aa04d371cff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0c9df3df0c888d9ec8d11a68474a4aa04d371cff"
},
{
"url": "https://git.kernel.org/stable/c/4429c6c77e176a4c5aa7a3bbd1632f9fc0582518",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4429c6c77e176a4c5aa7a3bbd1632f9fc0582518"
},
{
"url": "https://git.kernel.org/stable/c/54559642b96116b45e4b5ca7fd9f7835b8561272",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/54559642b96116b45e4b5ca7fd9f7835b8561272"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

103
2024/40xxx/CVE-2024-40923.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: disable rx data ring on dma allocation failure\n\nWhen vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq->data_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\n\nTo fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n\n[ 95.436876] kernel BUG at net/core/skbuff.c:207!\n[ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[ 95.441558] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[ 95.459791] Call Trace:\n[ 95.460515] <IRQ>\n[ 95.461180] ? __die_body.cold+0x19/0x27\n[ 95.462150] ? die+0x2e/0x50\n[ 95.462976] ? do_trap+0xca/0x110\n[ 95.463973] ? do_error_trap+0x6a/0x90\n[ 95.464966] ? skb_panic+0x4d/0x4f\n[ 95.465901] ? exc_invalid_op+0x50/0x70\n[ 95.466849] ? skb_panic+0x4d/0x4f\n[ 95.467718] ? asm_exc_invalid_op+0x1a/0x20\n[ 95.468758] ? skb_panic+0x4d/0x4f\n[ 95.469655] skb_put.cold+0x10/0x10\n[ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[ 95.473185] __napi_poll+0x2b/0x160\n[ 95.474145] net_rx_action+0x2c6/0x3b0\n[ 95.475115] handle_softirqs+0xe7/0x2a0\n[ 95.476122] __irq_exit_rcu+0x97/0xb0\n[ 95.477109] common_interrupt+0x85/0xa0\n[ 95.478102] </IRQ>\n[ 95.478846] <TASK>\n[ 95.479603] asm_common_interrupt+0x26/0x40\n[ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[ 95.495035] acpi_safe_halt+0x14/0x20\n[ 95.496127] acpi_idle_do_entry+0x2f/0x50\n[ 95.497221] acpi_idle_enter+0x7f/0xd0\n[ 95.498272] cpuidle_enter_state+0x81/0x420\n[ 95.499375] cpuidle_enter+0x2d/0x40\n[ 95.500400] do_idle+0x1e5/0x240\n[ 95.501385] cpu_startup_entry+0x29/0x30\n[ 95.502422] start_secondary+0x11c/0x140\n[ 95.503454] common_startup_64+0x13e/0x141\n[ 95.504466] </TASK>\n[ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6f4833383e85",
"version_value": "9ee14af24e67"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5"
},
{
"url": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017"
},
{
"url": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40924.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40924",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dpt: Make DPT object unshrinkable\n\nIn some scenarios, the DPT object gets shrunk but\nthe actual framebuffer did not and thus its still\nthere on the DPT's vm->bound_list. Then it tries to\nrewrite the PTEs via a stale CPU mapping. This causes panic.\n\n[vsyrjala: Add TODO comment]\n(cherry picked from commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0dc987b699ce",
"version_value": "327280149066"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/327280149066f0e5f2e50356b5823f76dabfe86e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/327280149066f0e5f2e50356b5823f76dabfe86e"
},
{
"url": "https://git.kernel.org/stable/c/7a9883be3b98673333eec65c4a21cc18e60292eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7a9883be3b98673333eec65c4a21cc18e60292eb"
},
{
"url": "https://git.kernel.org/stable/c/a2552020fb714ff357182c3c179abfac2289f84d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a2552020fb714ff357182c3c179abfac2289f84d"
},
{
"url": "https://git.kernel.org/stable/c/43e2b37e2ab660c3565d4cff27922bc70e79c3f1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/43e2b37e2ab660c3565d4cff27922bc70e79c3f1"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

103
2024/40xxx/CVE-2024-40925.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40925",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix request.queuelist usage in flush\n\nFriedrich Weber reported a kernel crash problem and bisected to commit\n81ada09cc25e (\"blk-flush: reuse rq queuelist in flush state machine\").\n\nThe root cause is that we use \"list_move_tail(&rq->queuelist, pending)\"\nin the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since\nit's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch().\nWe don't initialize its queuelist just for this first request, although\nthe queuelist of all later popped requests will be initialized.\n\nFix it by changing to use \"list_add_tail(&rq->queuelist, pending)\" so\nrq->queuelist doesn't need to be initialized. It should be ok since rq\ncan't be on any list when PREFLUSH or POSTFLUSH, has no move actually.\n\nPlease note the commit 81ada09cc25e (\"blk-flush: reuse rq queuelist in\nflush state machine\") also has another requirement that no drivers would\ntouch rq->queuelist after blk_mq_end_request() since we will reuse it to\nadd rq to the post-flush pending list in POSTFLUSH. If this is not true,\nwe will have to revert that commit IMHO.\n\nThis updated version adds \"list_del_init(&rq->queuelist)\" in flush rq\ncallback since the dm layer may submit request of a weird invalid format\n(REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add\nif without this \"list_del_init(&rq->queuelist)\". The weird invalid format\nproblem should be fixed in dm layer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "81ada09cc25e",
"version_value": "fe1e395563cc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fe1e395563ccb051e9dbd8fa99859f5caaad2e71",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe1e395563ccb051e9dbd8fa99859f5caaad2e71"
},
{
"url": "https://git.kernel.org/stable/c/87907bd69721a8506618a954d41a1de3040e88aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/87907bd69721a8506618a954d41a1de3040e88aa"
},
{
"url": "https://git.kernel.org/stable/c/d0321c812d89c5910d8da8e4b10c891c6b96ff70",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d0321c812d89c5910d8da8e4b10c891c6b96ff70"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

92
2024/40xxx/CVE-2024-40926.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40926",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: don't attempt to schedule hpd_work on headless cards\n\nIf the card doesn't have display hardware, hpd_work and hpd_lock are\nleft uninitialized which causes BUG when attempting to schedule hpd_work\non runtime PM resume.\n\nFix it by adding headless flag to DRM and skip any hpd if it's set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ae1aadb1eb8d",
"version_value": "227349998e57"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f"
},
{
"url": "https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

125
2024/40xxx/CVE-2024-40927.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Handle TD clearing for multiple streams case\n\nWhen multiple streams are in use, multiple TDs might be in flight when\nan endpoint is stopped. We need to issue a Set TR Dequeue Pointer for\neach, to ensure everything is reset properly and the caches cleared.\nChange the logic so that any N>1 TDs found active for different streams\nare deferred until after the first one is processed, calling\nxhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to\nqueue another command until we are done with all of them. Also change\nthe error/\"should never happen\" paths to ensure we at least clear any\naffected TDs, even if we can't issue a command to clear the hardware\ncache, and complain loudly with an xhci_warn() if this ever happens.\n\nThis problem case dates back to commit e9df17eb1408 (\"USB: xhci: Correct\nassumptions about number of rings per endpoint.\") early on in the XHCI\ndriver's life, when stream support was first added.\nIt was then identified but not fixed nor made into a warning in commit\n674f8438c121 (\"xhci: split handling halted endpoints into two steps\"),\nwhich added a FIXME comment for the problem case (without materially\nchanging the behavior as far as I can tell, though the new logic made\nthe problem more obvious).\n\nThen later, in commit 94f339147fc3 (\"xhci: Fix failure to give back some\ncached cancelled URBs.\"), it was acknowledged again.\n\n[Mathias: commit 94f339147fc3 (\"xhci: Fix failure to give back some cached\ncancelled URBs.\") was a targeted regression fix to the previously mentioned\npatch. Users reported issues with usb stuck after unmounting/disconnecting\nUAS devices. This rolled back the TD clearing of multiple streams to its\noriginal state.]\n\nApparently the commit author was aware of the problem (yet still chose\nto submit it): It was still mentioned as a FIXME, an xhci_dbg() was\nadded to log the problem condition, and the remaining issue was mentioned\nin the commit description. The choice of making the log type xhci_dbg()\nfor what is, at this point, a completely unhandled and known broken\ncondition is puzzling and unfortunate, as it guarantees that no actual\nusers would see the log in production, thereby making it nigh\nundebuggable (indeed, even if you turn on DEBUG, the message doesn't\nreally hint at there being a problem at all).\n\nIt took me *months* of random xHC crashes to finally find a reliable\nrepro and be able to do a deep dive debug session, which could all have\nbeen avoided had this unhandled, broken condition been actually reported\nwith a warning, as it should have been as a bug intentionally left in\nunfixed (never mind that it shouldn't have been left in at all).\n\n> Another fix to solve clearing the caches of all stream rings with\n> cancelled TDs is needed, but not as urgent.\n\n3 years after that statement and 14 years after the original bug was\nintroduced, I think it's finally time to fix it. And maybe next time\nlet's not leave bugs unfixed (that are actually worse than the original\nbug), and let's actually get people to review kernel commits please.\n\nFixes xHC crashes and IOMMU faults with UAS devices when handling\nerrors/faults. Easiest repro is to use `hdparm` to mark an early sector\n(e.g. 1024) on a disk as bad, then `cat /dev/sdX > /dev/null` in a loop.\nAt least in the case of JMicron controllers, the read errors end up\nhaving to cancel two TDs (for two queued requests to different streams)\nand the one that didn't get cleared properly ends up faulting the xHC\nentirely when it tries to access DMA pages that have since been unmapped,\nreferred to by the stale TDs. This normally happens quickly (after two\nor three loops). After this fix, I left the `cat` in a loop running\novernight and experienced no xHC failures, with all read errors\nrecovered properly. Repro'd and tested on an Apple M1 Mac Mini\n(dwc3 host).\n\nOn systems without an IOMMU, this bug would instead silently corrupt\nfreed memory, making this a\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e9df17eb1408",
"version_value": "26460c1afa31"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.35",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.35",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/26460c1afa311524f588e288a4941432f0de6228",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/26460c1afa311524f588e288a4941432f0de6228"
},
{
"url": "https://git.kernel.org/stable/c/633f72cb6124ecda97b641fbc119340bd88d51a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/633f72cb6124ecda97b641fbc119340bd88d51a9"
},
{
"url": "https://git.kernel.org/stable/c/949be4ec5835e0ccb3e2a8ab0e46179cb5512518",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/949be4ec5835e0ccb3e2a8ab0e46179cb5512518"
},
{
"url": "https://git.kernel.org/stable/c/61593dc413c3655e4328a351555235bc3089486a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/61593dc413c3655e4328a351555235bc3089486a"
},
{
"url": "https://git.kernel.org/stable/c/5ceac4402f5d975e5a01c806438eb4e554771577",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ceac4402f5d975e5a01c806438eb4e554771577"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

103
2024/40xxx/CVE-2024-40928.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40928",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()\n\nClang static checker (scan-build) warning:\nnet/ethtool/ioctl.c:line 2233, column 2\nCalled function pointer is null (null dereference).\n\nReturn '-EOPNOTSUPP' when 'ops->get_ethtool_phy_stats' is NULL to fix\nthis typo error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "201ed315f967",
"version_value": "6548d543a274"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.2",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6548d543a27449a1a3d8079925de93f5764d6f22",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6548d543a27449a1a3d8079925de93f5764d6f22"
},
{
"url": "https://git.kernel.org/stable/c/92196be82a4eb61813833dc62876fd198ae51ab1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/92196be82a4eb61813833dc62876fd198ae51ab1"
},
{
"url": "https://git.kernel.org/stable/c/0dcc53abf58d572d34c5313de85f607cd33fc691",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0dcc53abf58d572d34c5313de85f607cd33fc691"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

136
2024/40xxx/CVE-2024-40929.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c1a7515393e4",
"version_value": "3c4771091ea8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.17",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b"
},
{
"url": "https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640"
},
{
"url": "https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614"
},
{
"url": "https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a"
},
{
"url": "https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b"
},
{
"url": "https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

92
2024/40xxx/CVE-2024-40930.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40930",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: validate HE operation element parsing\n\nValidate that the HE operation element has the correct\nlength before parsing it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "645f3d85129d",
"version_value": "f15e3e13e14c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f15e3e13e14cc5ae8f950c16efe706add18ac8e2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f15e3e13e14cc5ae8f950c16efe706add18ac8e2"
},
{
"url": "https://git.kernel.org/stable/c/4dc3a3893dae5a7f73e5809273aca0f1f3548d55",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4dc3a3893dae5a7f73e5809273aca0f1f3548d55"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

136
2024/40xxx/CVE-2024-40931.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40931",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_una is properly initialized on connect\n\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\n\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8fd738049ac3",
"version_value": "208cd22ef5e5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde"
},
{
"url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726"
},
{
"url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813"
},
{
"url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f"
},
{
"url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce"
},
{
"url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

148
2024/40xxx/CVE-2024-40932.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "540ca99729e2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819"
},
{
"url": "https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8"
},
{
"url": "https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003"
},
{
"url": "https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226"
},
{
"url": "https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1"
},
{
"url": "https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224"
},
{
"url": "https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d"
},
{
"url": "https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

92
2024/40xxx/CVE-2024-40933.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe()\n\nWhen devm_regmap_init_i2c() fails, regmap_ee could be error pointer,\ninstead of checking for IS_ERR(regmap_ee), regmap is checked which looks\nlike a copy paste error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a1d1ba5e1c28",
"version_value": "5a5595ae8cc7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5a5595ae8cc7cdaa1a10b56a26ddbe3429245c6c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a5595ae8cc7cdaa1a10b56a26ddbe3429245c6c"
},
{
"url": "https://git.kernel.org/stable/c/a23c14b062d8800a2192077d83273bbfe6c7552d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a23c14b062d8800a2192077d83273bbfe6c7552d"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

167
2024/40xxx/CVE-2024-40934.json
View File

@ -1,18 +1,177 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()\n\nFix a memory leak on logi_dj_recv_send_report() error path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cf48a7ba5c09",
"version_value": "15122dc140d8"
},
{
"version_affected": "<",
"version_name": "e38a6f12685d",
"version_value": "caa9c9acb93d"
},
{
"version_affected": "<",
"version_name": "4fb28379b3c7",
"version_value": "a0503757947f"
},
{
"version_affected": "<",
"version_name": "6e5960954151",
"version_value": "789c99a1d7d2"
},
{
"version_affected": "<",
"version_name": "6f20d3261265",
"version_value": "f677ca8cfefe"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/15122dc140d82c51c216535c57b044c4587aae45",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15122dc140d82c51c216535c57b044c4587aae45"
},
{
"url": "https://git.kernel.org/stable/c/caa9c9acb93db7ad7b74b157cf101579bac9596d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/caa9c9acb93db7ad7b74b157cf101579bac9596d"
},
{
"url": "https://git.kernel.org/stable/c/a0503757947f2e46e59c1962326b53b3208c8213",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a0503757947f2e46e59c1962326b53b3208c8213"
},
{
"url": "https://git.kernel.org/stable/c/789c99a1d7d2c8f6096d75fc2930505840ec9ea0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/789c99a1d7d2c8f6096d75fc2930505840ec9ea0"
},
{
"url": "https://git.kernel.org/stable/c/f677ca8cfefee2a729ca315f660cd4868abdf8de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f677ca8cfefee2a729ca315f660cd4868abdf8de"
},
{
"url": "https://git.kernel.org/stable/c/1df2ead5dfad5f8f92467bd94889392d53100b98",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1df2ead5dfad5f8f92467bd94889392d53100b98"
},
{
"url": "https://git.kernel.org/stable/c/ce3af2ee95170b7d9e15fff6e500d67deab1e7b3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ce3af2ee95170b7d9e15fff6e500d67deab1e7b3"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40935.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40935",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: flush all requests after setting CACHEFILES_DEAD\n\nIn ondemand mode, when the daemon is processing an open request, if the\nkernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write()\nwill always return -EIO, so the daemon can't pass the copen to the kernel.\nThen the kernel process that is waiting for the copen triggers a hung_task.\n\nSince the DEAD state is irreversible, it can only be exited by closing\n/dev/cachefiles. Therefore, after calling cachefiles_io_error() to mark\nthe cache as CACHEFILES_DEAD, if in ondemand mode, flush all requests to\navoid the above hungtask. We may still be able to read some of the cached\ndata before closing the fd of /dev/cachefiles.\n\nNote that this relies on the patch that adds reference counting to the req,\notherwise it may UAF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c8383054506c",
"version_value": "320ba9cbca78"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/320ba9cbca78be79c912143bbba1d1b35ca55cf0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/320ba9cbca78be79c912143bbba1d1b35ca55cf0"
},
{
"url": "https://git.kernel.org/stable/c/3bf0b8030296e9ee60d3d4c15849ad9ac0b47081",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3bf0b8030296e9ee60d3d4c15849ad9ac0b47081"
},
{
"url": "https://git.kernel.org/stable/c/e73fac95084839c5178d97e81c6a2051251bdc00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e73fac95084839c5178d97e81c6a2051251bdc00"
},
{
"url": "https://git.kernel.org/stable/c/85e833cd7243bda7285492b0653c3abb1e2e757b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/85e833cd7243bda7285492b0653c3abb1e2e757b"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

103
2024/40xxx/CVE-2024-40936.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix memregion leaks in devm_cxl_add_region()\n\nMove the mode verification to __create_region() before allocating the\nmemregion to avoid the memregion leaks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6e099264185d",
"version_value": "d8316838aa06"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d8316838aa0686da63a8be4194b7a17b0103ae4a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d8316838aa0686da63a8be4194b7a17b0103ae4a"
},
{
"url": "https://git.kernel.org/stable/c/bbb5d8746381c82f7e0fb6171094d375b492f266",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbb5d8746381c82f7e0fb6171094d375b492f266"
},
{
"url": "https://git.kernel.org/stable/c/49ba7b515c4c0719b866d16f068e62d16a8a3dd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/49ba7b515c4c0719b866d16f068e62d16a8a3dd1"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

125
2024/40xxx/CVE-2024-40937.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40937",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi->skb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi->skb before the skb is freed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9b8dd5e5ea48",
"version_value": "75afd8724739"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc"
},
{
"url": "https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442"
},
{
"url": "https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037"
},
{
"url": "https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50"
},
{
"url": "https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40938.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40938",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix d_parent walk\n\nThe WARN_ON_ONCE() in collect_domain_accesses() can be triggered when\ntrying to link a root mount point. This cannot work in practice because\nthis directory is mounted, but the VFS check is done after the call to\nsecurity_path_link().\n\nDo not use source directory's d_parent when the source directory is the\nmount point.\n\n[mic: Fix commit message]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b91c3e4ea756",
"version_value": "b6e5e6964358"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f"
},
{
"url": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11"
},
{
"url": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6"
},
{
"url": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

114
2024/40xxx/CVE-2024-40939.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: Fix tainted pointer delete is case of region creation fail\n\nIn case of region creation fail in ipc_devlink_create_region(), previously\ncreated regions delete process starts from tainted pointer which actually\nholds error code value.\nFix this bug by decreasing region index before delete.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4dcd183fbd67",
"version_value": "fe394d59cdae"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.16",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597"
},
{
"url": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050"
},
{
"url": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd"
},
{
"url": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

98
2024/6xxx/CVE-2024-6743.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AguardNet",
"product": {
"product_data": [
{
"product_name": "Space Management System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all",
"version_value": "2024-04-09-3302"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7932-a6d4d-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7932-a6d4d-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-7933-9a38d-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-7933-9a38d-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202407009",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to 2024-04-09-3302 or later version.</span>\n\n<br>"
}
],
"value": "Update to 2024-04-09-3302 or later version."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

98
2024/6xxx/CVE-2024-6744.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6744",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cellopoint",
"product": {
"product_data": [
{
"product_name": "Secure Email Gateway",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "4.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7936-f6381-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7936-f6381-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-7937-acbb5-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-7937-acbb5-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202407010",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Install the patch Build_20240529 or later</span>\n\n<br>"
}
],
"value": "Install the patch Build_20240529 or later"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/6xxx/CVE-2024-6745.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6745",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6746.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6746",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}