admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-17 12:00:35 +00:00
parent 5af09ad6b3
commit 2ed1378376
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
22 changed files with 2490 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
2023/52xxx/CVE-2023-52657.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-52657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/pm: resolve reboot exception for si oland\"\n\nThis reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86.\n\nThis causes hangs on SI when DC is enabled and errors on driver\nreboot and power off cycles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e490d60a2f76",
"version_value": "2e443ed55fe3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.4",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94"
},
{
"url": "https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f"
},
{
"url": "https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6"
},
{
"url": "https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

114
2024/27xxx/CVE-2024-27402.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphonet/pep: fix racy skb_queue_empty() use\n\nThe receive queues are protected by their respective spin-lock, not\nthe socket lock. This could lead to skb_peek() unexpectedly\nreturning NULL or a pointer to an already dequeued socket buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9641458d3ec4",
"version_value": "9d5523e065b5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.28",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.28",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.80",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.19",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.7",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9d5523e065b568e79dfaa2ea1085a5bcf74baf78",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9d5523e065b568e79dfaa2ea1085a5bcf74baf78"
},
{
"url": "https://git.kernel.org/stable/c/0a9f558c72c47472c38c05fcb72c70abb9104277",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a9f558c72c47472c38c05fcb72c70abb9104277"
},
{
"url": "https://git.kernel.org/stable/c/8ef4fcc7014b9f93619851d6b78d6cc2789a4c88",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ef4fcc7014b9f93619851d6b78d6cc2789a4c88"
},
{
"url": "https://git.kernel.org/stable/c/7d2a894d7f487dcb894df023e9d3014cf5b93fe5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7d2a894d7f487dcb894df023e9d3014cf5b93fe5"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

125
2024/27xxx/CVE-2024-27403.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a3c90f7a2323",
"version_value": "4c167af9f6b5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.16",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.150",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.80",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.19",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.7",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c"
},
{
"url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4"
},
{
"url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148"
},
{
"url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae"
},
{
"url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

114
2024/27xxx/CVE-2024-27404.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27404",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data races on remote_id\n\nSimilar to the previous patch, address the data race on\nremote_id, adding the suitable ONCE annotations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "bedee0b56113",
"version_value": "e64148635509"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.19",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.7",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e64148635509bf13eea851986f5a0b150e5bd066",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e64148635509bf13eea851986f5a0b150e5bd066"
},
{
"url": "https://git.kernel.org/stable/c/2dba5774e8ed326a78ad4339d921a4291281ea6e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2dba5774e8ed326a78ad4339d921a4291281ea6e"
},
{
"url": "https://git.kernel.org/stable/c/987c3ed7297e5661bc7f448f06fc366e497ac9b2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/987c3ed7297e5661bc7f448f06fc366e497ac9b2"
},
{
"url": "https://git.kernel.org/stable/c/967d3c27127e71a10ff5c083583a038606431b61",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/967d3c27127e71a10ff5c083583a038606431b61"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

158
2024/27xxx/CVE-2024-27405.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27405",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs\n\nIt is observed sometimes when tethering is used over NCM with Windows 11\nas host, at some instances, the gadget_giveback has one byte appended at\nthe end of a proper NTB. When the NTB is parsed, unwrap call looks for\nany leftover bytes in SKB provided by u_ether and if there are any pending\nbytes, it treats them as a separate NTB and parses it. But in case the\nsecond NTB (as per unwrap call) is faulty/corrupt, all the datagrams that\nwere parsed properly in the first NTB and saved in rx_list are dropped.\n\nAdding a few custom traces showed the following:\n[002] d..1 7828.532866: dwc3_gadget_giveback: ep1out:\nreq 000000003868811a length 1025/16384 zsI ==> 0\n[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025\n[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10\n[002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames\n\nIn this case, the giveback is of 1025 bytes and block length is 1024.\nThe rest 1 byte (which is 0x00) won't be parsed resulting in drop of\nall datagrams in rx_list.\n\nSame is case with packets of size 2048:\n[002] d..1 7828.557948: dwc3_gadget_giveback: ep1out:\nreq 0000000011dfd96e length 2049/16384 zsI ==> 0\n[002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800\n\nLecroy shows one byte coming in extra confirming that the byte is coming\nin from PC:\n\n Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590)\n - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590)\n --- Packet 4063861\n Data(1024 bytes)\n Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590)\n --- Packet 4063863\n Data(1 byte)\n Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722)\n\nAccording to Windows driver, no ZLP is needed if wBlockLength is non-zero,\nbecause the non-zero wBlockLength has already told the function side the\nsize of transfer to be expected. However, there are in-market NCM devices\nthat rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize.\nTo deal with such devices, it pads an extra 0 at end so the transfer is no\nlonger multiple of wMaxPacketSize."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9f6ce4240a2b",
"version_value": "059285e04ebb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.38",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.38",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.308",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.270",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.211",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.150",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.80",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.19",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.7",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48"
},
{
"url": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151"
},
{
"url": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd"
},
{
"url": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5"
},
{
"url": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca"
},
{
"url": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e"
},
{
"url": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e"
},
{
"url": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

103
2024/27xxx/CVE-2024-27406.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/Kconfig.debug: TEST_IOV_ITER depends on MMU\n\nTrying to run the iov_iter unit test on a nommu system such as the qemu\nkc705-nommu emulation results in a crash.\n\n KTAP version 1\n # Subtest: iov_iter\n # module: kunit_iov_iter\n 1..9\nBUG: failure at mm/nommu.c:318/vmap()!\nKernel panic - not syncing: BUG!\n\nThe test calls vmap() directly, but vmap() is not supported on nommu\nsystems, causing the crash. TEST_IOV_ITER therefore needs to depend on\nMMU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2d71340ff1d4",
"version_value": "e6316749d603"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.19",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.7",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3"
},
{
"url": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8"
},
{
"url": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

93
2024/27xxx/CVE-2024-27407.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27407",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fixed overflow check in mi_enum_attr()"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "8c77398c7261"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.19",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.7",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8c77398c72618101d66480b94b34fe9087ee3d08",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8c77398c72618101d66480b94b34fe9087ee3d08"
},
{
"url": "https://git.kernel.org/stable/c/1c0a95d99b1b2b5d842e5abc7ef7eed1193b60d7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1c0a95d99b1b2b5d842e5abc7ef7eed1193b60d7"
},
{
"url": "https://git.kernel.org/stable/c/652cfeb43d6b9aba5c7c4902bed7a7340df131fb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/652cfeb43d6b9aba5c7c4902bed7a7340df131fb"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

103
2024/27xxx/CVE-2024-27408.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup\n\nThe Linked list element and pointer are not stored in the same memory as\nthe eDMA controller register. If the doorbell register is toggled before\nthe full write of the linked list a race condition error will occur.\nIn remote setup we can only use a readl to the memory to assure the full\nwrite has occurred."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7e4b8a4fbe2c",
"version_value": "d24fe6d5a1cf"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3"
},
{
"url": "https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a"
},
{
"url": "https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

103
2024/27xxx/CVE-2024-27409.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup\n\nThe Linked list element and pointer are not stored in the same memory as\nthe HDMA controller register. If the doorbell register is toggled before\nthe full write of the linked list a race condition error will occur.\nIn remote setup we can only use a readl to the memory to assure the full\nwrite has occurred."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e74c39573d35",
"version_value": "227ef58a9b0c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.5",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/227ef58a9b0c372efba422e8886a8015a1509eba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/227ef58a9b0c372efba422e8886a8015a1509eba"
},
{
"url": "https://git.kernel.org/stable/c/17be6f5cb223f22e4733ed8fe8b2247cbb677716",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17be6f5cb223f22e4733ed8fe8b2247cbb677716"
},
{
"url": "https://git.kernel.org/stable/c/712a92a48158e02155b4b6b21e03a817f78c9b7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/712a92a48158e02155b4b6b21e03a817f78c9b7e"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

158
2024/27xxx/CVE-2024-27410.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27410",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject iftype change with mesh ID change\n\nIt's currently possible to change the mesh ID when the\ninterface isn't yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev->u union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\n\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere's no userspace that's going to do this, so just\ndisallow changes in iftype when setting mesh ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "29cbe68c516a",
"version_value": "d38d31bbbb9d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.38",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.38",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.309",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.271",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.212",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d"
},
{
"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9"
},
{
"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980"
},
{
"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995"
},
{
"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"
},
{
"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"
},
{
"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"
},
{
"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

72
2024/27xxx/CVE-2024-27411.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: keep DMA buffers required for suspend/resume\n\nNouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly.\nThis is likely not as big an issue on systems where the NVGPU is the only GPU, but on multi-GPU set ups it leads to a regression where the kernel module errors and results in a system-wide rendering freeze.\n\nThis commit addresses that regression by moving the two buffers required for suspend and resume to be deallocated at driver unload instead of post init."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6190d4c08897",
"version_value": "be00e15b240e"
},
{
"version_affected": "<",
"version_name": "042b5f83841f",
"version_value": "f6ecfdad359a"
},
{
"version_affected": "<",
"version_name": "6.7.6",
"version_value": "6.7.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/be00e15b240ed71fc30c0576af7ab670c8271661",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/be00e15b240ed71fc30c0576af7ab670c8271661"
},
{
"url": "https://git.kernel.org/stable/c/f6ecfdad359a01c7fd8a3bcfde3ef0acdf107e6e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6ecfdad359a01c7fd8a3bcfde3ef0acdf107e6e"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

183
2024/27xxx/CVE-2024-27412.json
View File

@ -1,18 +1,193 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27412",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq27xxx-i2c: Do not free non existing IRQ\n\nThe bq27xxx i2c-client may not have an IRQ, in which case\nclient->irq will be 0. bq27xxx_battery_i2c_probe() already has\nan if (client->irq) check wrapping the request_threaded_irq().\n\nBut bq27xxx_battery_i2c_remove() unconditionally calls\nfree_irq(client->irq) leading to:\n\n[ 190.310742] ------------[ cut here ]------------\n[ 190.310843] Trying to free already-free IRQ 0\n[ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310\n\nFollowed by a backtrace when unbinding the driver. Add\nan if (client->irq) to bq27xxx_battery_i2c_remove() mirroring\nprobe() to fix this."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "76d2ed844def",
"version_value": "d4d813c0a14d"
},
{
"version_affected": "<",
"version_name": "dafe9136be7b",
"version_value": "7394abc8926a"
},
{
"version_affected": "<",
"version_name": "1da9a4b55a66",
"version_value": "d7acc4a569f5"
},
{
"version_affected": "<",
"version_name": "e01820a94aea",
"version_value": "e601ae81910c"
},
{
"version_affected": "<",
"version_name": "e65fee45687f",
"version_value": "cefe18e9ec84"
},
{
"version_affected": "<",
"version_name": "444ff00734f3",
"version_value": "fbca8bae1ba7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.4",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.309",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.271",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.212",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa"
},
{
"url": "https://git.kernel.org/stable/c/7394abc8926adee6a817bab10797e0adc898af77",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7394abc8926adee6a817bab10797e0adc898af77"
},
{
"url": "https://git.kernel.org/stable/c/d7acc4a569f5f4513120c85ea2b9f04909b7490f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d7acc4a569f5f4513120c85ea2b9f04909b7490f"
},
{
"url": "https://git.kernel.org/stable/c/e601ae81910ce6a3797876e190a2d8ef6cf828bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e601ae81910ce6a3797876e190a2d8ef6cf828bc"
},
{
"url": "https://git.kernel.org/stable/c/cefe18e9ec84f8fe3e198ccebb815cc996eb9797",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cefe18e9ec84f8fe3e198ccebb815cc996eb9797"
},
{
"url": "https://git.kernel.org/stable/c/fbca8bae1ba79d443a58781b45e92a73a24ac8f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fbca8bae1ba79d443a58781b45e92a73a24ac8f8"
},
{
"url": "https://git.kernel.org/stable/c/083686474e7c97b0f8b66df37fcb64e432e8b771",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/083686474e7c97b0f8b66df37fcb64e432e8b771"
},
{
"url": "https://git.kernel.org/stable/c/2df70149e73e79783bcbc7db4fa51ecef0e2022c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2df70149e73e79783bcbc7db4fa51ecef0e2022c"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

158
2024/27xxx/CVE-2024-27413.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect allocation size\n\ngcc-14 notices that the allocation with sizeof(void) on 32-bit architectures\nis not enough for a 64-bit phys_addr_t:\n\ndrivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':\ndrivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]\n 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);\n | ^\n\nUse the correct type instead here."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f24c4d478013",
"version_value": "00cf21ac5260"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.309",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.271",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.212",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
},
{
"url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
},
{
"url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
},
{
"url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
},
{
"url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
},
{
"url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
},
{
"url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
},
{
"url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

167
2024/27xxx/CVE-2024-27414.json
View File

@ -1,18 +1,177 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27414",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back\n\nIn the commit d73ef2d69c0d (\"rtnetlink: let rtnl_bridge_setlink checks\nIFLA_BRIDGE_MODE length\"), an adjustment was made to the old loop logic\nin the function `rtnl_bridge_setlink` to enable the loop to also check\nthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustment\nremoved the `break` statement and led to an error logic of the flags\nwriting back at the end of this function.\n\nif (have_flags)\n memcpy(nla_data(attr), &flags, sizeof(flags));\n // attr should point to IFLA_BRIDGE_FLAGS NLA !!!\n\nBefore the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.\nHowever, this is not necessarily true fow now as the updated loop will let\nthe attr point to the last NLA, even an invalid NLA which could cause\noverflow writes.\n\nThis patch introduces a new variable `br_flag` to save the NLA pointer\nthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned\nerror logic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ad46d4861ed3",
"version_value": "b9fbc44159df"
},
{
"version_affected": "<",
"version_name": "abb0172fa8dc",
"version_value": "882a51a10ecf"
},
{
"version_affected": "<",
"version_name": "047508edd602",
"version_value": "a1227b27fccc"
},
{
"version_affected": "<",
"version_name": "8dfac8071d58",
"version_value": "f2261eb994aa"
},
{
"version_affected": "<",
"version_name": "d73ef2d69c0d",
"version_value": "167d8642daa6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.5",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.271",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.212",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
},
{
"url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
},
{
"url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
},
{
"url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
},
{
"url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
},
{
"url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
},
{
"url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

125
2024/27xxx/CVE-2024-27415.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -> skb->_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb->_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb->_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won't happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn't allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn't work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia 'sabotage_in' hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "7c3f28599652"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7c3f28599652acf431a2211168de4a583f30b6d5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7c3f28599652acf431a2211168de4a583f30b6d5"
},
{
"url": "https://git.kernel.org/stable/c/2b1414d5e94e477edff1d2c79030f1d742625ea0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2b1414d5e94e477edff1d2c79030f1d742625ea0"
},
{
"url": "https://git.kernel.org/stable/c/80cd0487f630b5382734997c3e5e3003a77db315",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/80cd0487f630b5382734997c3e5e3003a77db315"
},
{
"url": "https://git.kernel.org/stable/c/cb734975b0ffa688ff6cc0eed463865bf07b6c01",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cb734975b0ffa688ff6cc0eed463865bf07b6c01"
},
{
"url": "https://git.kernel.org/stable/c/62e7151ae3eb465e0ab52a20c941ff33bb6332e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/62e7151ae3eb465e0ab52a20c941ff33bb6332e9"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

183
2024/27xxx/CVE-2024-27416.json
View File

@ -1,18 +1,193 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST\n\nIf we received HCI_EV_IO_CAPA_REQUEST while\nHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote\ndoes support SSP since otherwise this event shouldn't be generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ccb8618c972f",
"version_value": "afec8f772296"
},
{
"version_affected": "<",
"version_name": "1769ac55dbf3",
"version_value": "79820a7e1e05"
},
{
"version_affected": "<",
"version_name": "40a33a129d99",
"version_value": "df193568d612"
},
{
"version_affected": "<",
"version_name": "1ef071526848",
"version_value": "c3df637266df"
},
{
"version_affected": "<",
"version_name": "25e5d2883002",
"version_value": "30a5e812f78e"
},
{
"version_affected": "<",
"version_name": "c7f59461f5a7",
"version_value": "fba268ac36ab"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.309",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.271",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.212",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f"
},
{
"url": "https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259"
},
{
"url": "https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277"
},
{
"url": "https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba"
},
{
"url": "https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f"
},
{
"url": "https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31"
},
{
"url": "https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c"
},
{
"url": "https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

147
2024/27xxx/CVE-2024-27417.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()\n\nIt seems that if userspace provides a correct IFA_TARGET_NETNSID value\nbut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()\nreturns -EINVAL with an elevated \"struct net\" refcount."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6ecf4c37eb3e",
"version_value": "9d4ffb5b9d87"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.271",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.212",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
},
{
"url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
},
{
"url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
},
{
"url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
},
{
"url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
},
{
"url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
},
{
"url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

114
2024/27xxx/CVE-2024-27418.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "833ef3b91de6",
"version_value": "a3c8fa54e904"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd"
},
{
"url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68"
},
{
"url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b"
},
{
"url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

18
2024/35xxx/CVE-2024-35783.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

100
2024/5xxx/CVE-2024-5043.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264740. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Emlog Pro 2.3.4 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei admin/setting.php. Durch die Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Emlog Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.264740",
"refsource": "MISC",
"name": "https://vuldb.com/?id.264740"
},
{
"url": "https://vuldb.com/?ctiid.264740",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.264740"
},
{
"url": "https://vuldb.com/?submit.331854",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.331854"
},
{
"url": "https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20Admin%20side%20can%20upload%20arbitrary%20files%20and%20getshell.md",
"refsource": "MISC",
"name": "https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20Admin%20side%20can%20upload%20arbitrary%20files%20and%20getshell.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "bydsteve (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

100
2024/5xxx/CVE-2024-5044.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-264741 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Emlog Pro 2.3.4 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Cookie Handler. Durch Manipulation des Arguments AuthCookie mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Emlog Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.264741",
"refsource": "MISC",
"name": "https://vuldb.com/?id.264741"
},
{
"url": "https://vuldb.com/?ctiid.264741",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.264741"
},
{
"url": "https://vuldb.com/?submit.331857",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.331857"
},
{
"url": "https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "bydsteve (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

18
2024/5xxx/CVE-2024-5061.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}