"-Synchronized-Data."

CVE Team 2025-02-26 02:02:50 +00:00
parent 117dc70dc4
commit 3482636079
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 444 additions and 16 deletions

@ -1,18 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on curseg->alloc_type\n\nAs Wenqing Liu reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215657\n\n- Overview\nUBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operate a corrupted image\n\n- Reproduce\ntested on kernel 5.17-rc4, 5.17-rc6\n\n1. mkdir test_crash\n2. cd test_crash\n3. unzip tmp2.zip\n4. mkdir mnt\n5. ./single_test.sh f2fs 2\n\n- Kernel dump\n[ 46.434454] loop0: detected capacity change from 0 to 131072\n[ 46.529839] F2FS-fs (loop0): Mounted with checkpoint version = 7548c2d9\n[ 46.738319] ================================================================================\n[ 46.738412] UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2\n[ 46.738475] index 231 is out of range for type 'unsigned int [2]'\n[ 46.738539] CPU: 2 PID: 939 Comm: umount Not tainted 5.17.0-rc6 #1\n[ 46.738547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n[ 46.738551] Call Trace:\n[ 46.738556] <TASK>\n[ 46.738563] dump_stack_lvl+0x47/0x5c\n[ 46.738581] ubsan_epilogue+0x5/0x50\n[ 46.738592] __ubsan_handle_out_of_bounds+0x68/0x80\n[ 46.738604] f2fs_allocate_data_block+0xdff/0xe60 [f2fs]\n[ 46.738819] do_write_page+0xef/0x210 [f2fs]\n[ 46.738934] f2fs_do_write_node_page+0x3f/0x80 [f2fs]\n[ 46.739038] __write_node_page+0x2b7/0x920 [f2fs]\n[ 46.739162] f2fs_sync_node_pages+0x943/0xb00 [f2fs]\n[ 46.739293] f2fs_write_checkpoint+0x7bb/0x1030 [f2fs]\n[ 46.739405] kill_f2fs_super+0x125/0x150 [f2fs]\n[ 46.739507] deactivate_locked_super+0x60/0xc0\n[ 46.739517] deactivate_super+0x70/0xb0\n[ 46.739524] cleanup_mnt+0x11a/0x200\n[ 46.739532] __cleanup_mnt+0x16/0x20\n[ 46.739538] task_work_run+0x67/0xa0\n[ 46.739547] exit_to_user_mode_prepare+0x18c/0x1a0\n[ 46.739559] syscall_exit_to_user_mode+0x26/0x40\n[ 46.739568] do_syscall_64+0x46/0xb0\n[ 46.739584] 
entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is we missed to do sanity check on curseg->alloc_type,\nresult in out-of-bound accessing on sbi->block_count[] array, fix it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "498b7088db71f9707359448cd6800bbb1882f4c3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/498b7088db71f9707359448cd6800bbb1882f4c3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/498b7088db71f9707359448cd6800bbb1882f4c3"
},
{
"url": "https://git.kernel.org/stable/c/f68caedf264a95c0b02dfd0d9f92ac2637d5848a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f68caedf264a95c0b02dfd0d9f92ac2637d5848a"
},
{
"url": "https://git.kernel.org/stable/c/0748a0f7dcb9d9dddc80302d73ebcecef6782ef0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0748a0f7dcb9d9dddc80302d73ebcecef6782ef0"
},
{
"url": "https://git.kernel.org/stable/c/c12765e3f129b144421c80d3383df885f85ee290",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c12765e3f129b144421c80d3383df885f85ee290"
},
{
"url": "https://git.kernel.org/stable/c/f41ee8b91c00770d718be2ff4852a80017ae9ab3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f41ee8b91c00770d718be2ff4852a80017ae9ab3"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}
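Review bot: problemtype_data stays at "value": "n/a" although the new description names the defect class exactly: a missing sanity check on curseg->alloc_type that leads to an out-of-bounds index into sbi->block_count[] (the UBSAN line reports index 231 against type 'unsigned int [2]'). Suggest recording a CWE for improper validation of an array index (CWE-129) so the entry can be filtered by weakness type. The description would also be easier to consume if the full call trace were trimmed to the UBSAN line and the root-cause sentence, since the stated trigger is mounting and operating on a corrupted image.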

@ -1,18 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't BUG if someone dirty pages without asking ext4 first\n\n[un]pin_user_pages_remote is dirtying pages without properly warning\nthe file system in advance. A related race was noted by Jan Kara in\n2018[1]; however, more recently instead of it being a very hard-to-hit\nrace, it could be reliably triggered by process_vm_writev(2) which was\ndiscovered by Syzbot[2].\n\nThis is technically a bug in mm/gup.c, but arguably ext4 is fragile in\nthat if some other kernel subsystem dirty pages without properly\nnotifying the file system using page_mkwrite(), ext4 will BUG, while\nother file systems will not BUG (although data will still be lost).\n\nSo instead of crashing with a BUG, issue a warning (since there may be\npotential data loss) and just mark the page as clean to avoid\nunprivileged denial of service attacks until the problem can be\nproperly fixed. More discussion and background can be found in the\nthread starting at [2].\n\n[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz\n[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "5db60e76edf5680ff1f3a7221036fc44b308f146"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.311",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.276",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.238",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.189",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5db60e76edf5680ff1f3a7221036fc44b308f146",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5db60e76edf5680ff1f3a7221036fc44b308f146"
},
{
"url": "https://git.kernel.org/stable/c/d666dfaa571465a19f014534a214c255ea33f301",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d666dfaa571465a19f014534a214c255ea33f301"
},
{
"url": "https://git.kernel.org/stable/c/0d3a6926f7e8be3c897fa46216ce13b119a9f56a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d3a6926f7e8be3c897fa46216ce13b119a9f56a"
},
{
"url": "https://git.kernel.org/stable/c/5a016c053f426a73752c3b41b60b497b58694d48",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a016c053f426a73752c3b41b60b497b58694d48"
},
{
"url": "https://git.kernel.org/stable/c/330d0e44fc5a47c27df958ecdd4693a3cb1d8b81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/330d0e44fc5a47c27df958ecdd4693a3cb1d8b81"
},
{
"url": "https://git.kernel.org/stable/c/a0856764dc1276ad2dc7891288c2e9246bf11a37",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a0856764dc1276ad2dc7891288c2e9246bf11a37"
},
{
"url": "https://git.kernel.org/stable/c/343117559ef41e992e326f7a92da1a8f254dfa8c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/343117559ef41e992e326f7a92da1a8f254dfa8c"
},
{
"url": "https://git.kernel.org/stable/c/677c9d30e8487bee6c8e3b034070319d98f6e203",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/677c9d30e8487bee6c8e3b034070319d98f6e203"
},
{
"url": "https://git.kernel.org/stable/c/cc5095747edfb054ca2068d01af20be3fcc3634f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cc5095747edfb054ca2068d01af20be3fcc3634f"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}
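Review bot: the description cites [1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz and [2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com as background, but reference_data carries only the nine git.kernel.org/stable commit URLs, so tooling that reads the references array never sees those threads. Suggest adding both as reference_data entries. The record should also say what "status": "unaffected" covers: the text describes a stopgap that warns and marks the page clean "until the problem can be properly fixed" and notes that data may still be lost, so a one-line impact statement (unprivileged denial of service through the ext4 BUG) would keep consumers from reading the fixed versions as free of the underlying mm/gup.c issue.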

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49172",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix non-access data TLB cache flush faults\n\nWhen a page is not present, we get non-access data TLB faults from\nthe fdc and fic instructions in flush_user_dcache_range_asm and\nflush_user_icache_range_asm. When these occur, the cache line is\nnot invalidated and potentially we get memory corruption. The\nproblem was hidden by the nullification of the flush instructions.\n\nThese faults also affect performance. With pa8800/pa8900 processors,\nthere will be 32 faults per 4 KB page since the cache line is 128\nbytes. There will be more faults with earlier processors.\n\nThe problem is fixed by using flush_cache_pages(). It does the flush\nusing a tmp alias mapping.\n\nThe flush_cache_pages() call in flush_cache_range() flushed too\nlarge a range.\n\nV2: Remove unnecessary preempt_disable() and preempt_enable() calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d"
},
{
"url": "https://git.kernel.org/stable/c/ddca4b82027e2a66333dd40fab21a4beff435c7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ddca4b82027e2a66333dd40fab21a4beff435c7e"
},
{
"url": "https://git.kernel.org/stable/c/f839e5f1cef36ce268950c387129b1bfefdaebc9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f839e5f1cef36ce268950c387129b1bfefdaebc9"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}
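Review bot: the affects block scopes this to "vendor_name": "Linux" / "product_name": "Linux" with "defaultStatus": "affected" and no architecture qualifier, while the description confines the fault to the parisc routines flush_user_dcache_range_asm and flush_user_icache_range_asm. A consumer matching on kernel version alone will flag every architecture. Suggest stating the parisc-only scope in the structured data, or at minimum in the first sentence of the description. The trailing "V2: Remove unnecessary preempt_disable() and preempt_enable() calls." is patch changelog text and can be dropped from the record.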

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsi: Implement a timeout for polling status\n\nThe data transfer routines must poll the status register to\ndetermine when more data can be shifted in or out. If the hardware\ngets into a bad state, these polling loops may never exit. Prevent\nthis by returning an error if a timeout is exceeded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "d4982ceb137e6ecd2b466a6de639790a148cf19a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d4982ceb137e6ecd2b466a6de639790a148cf19a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d4982ceb137e6ecd2b466a6de639790a148cf19a"
},
{
"url": "https://git.kernel.org/stable/c/dac1438f347d3b8cf892105c94e254f29c5764de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dac1438f347d3b8cf892105c94e254f29c5764de"
},
{
"url": "https://git.kernel.org/stable/c/89b35e3f28514087d3f1e28e8f5634fbfd07c554",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/89b35e3f28514087d3f1e28e8f5634fbfd07c554"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}
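Review bot: the lower bound "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2" is the first commit of the kernel git history, not the commit that introduced the spi-fsi polling loops, and the same value appears in all four records of this commit. Combined with "defaultStatus": "affected" and fixed versions listed only for 5.16.19, 5.17.2 and 5.18, every 5.15.x and older kernel is reported as affected, whether or not it contains the driver. Suggest replacing the lower bound with the introducing commit or the first affected release. The description also stops at "these polling loops may never exit" without naming the impact; a sentence saying what hangs and who can trigger it would let triage decide whether this matters outside systems with FSI hardware.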