admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-30 16:01:05 +00:00
parent ecc38cb5b4
commit 34da5aaf06
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
95 changed files with 3356 additions and 7179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

147
2023/52xxx/CVE-2023-52882.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-52882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change\n\nWhile PLL CPUX clock rate change when CPU is running from it works in\nvast majority of cases, now and then it causes instability. This leads\nto system crashes and other undefined behaviour. After a lot of testing\n(30+ hours) while also doing a lot of frequency switches, we can't\nobserve any instability issues anymore when doing reparenting to stable\nclock like 24 MHz oscillator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "524353ea480b",
"version_value": "fe11826ffa20"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.17",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"
},
{
"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"
},
{
"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"
},
{
"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"
},
{
"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"
},
{
"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"
},
{
"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

56
2024/35xxx/CVE-2024-35345.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35345",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been discovered in the web application entitled Di\u00f1o Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298533/vuln1-cross-site-scripting-xss",
"refsource": "MISC",
"name": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298533/vuln1-cross-site-scripting-xss"
}
]
}

56
2024/35xxx/CVE-2024-35358.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35358",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been discovered in the web application entitled Di\u00f1o Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298731/vuln14-blind-sql-injection-time-based",
"refsource": "MISC",
"name": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298731/vuln14-blind-sql-injection-time-based"
}
]
}

56
2024/35xxx/CVE-2024-35430.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35430.md",
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35430.md"
}
]
}

56
2024/35xxx/CVE-2024-35504.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/dabaizhizhu/123/issues/1",
"url": "https://github.com/dabaizhizhu/123/issues/1"
}
]
}

82
2024/36xxx/CVE-2024-36022.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Init zone device and drm client after mode-1 reset on reload\n\nIn passthrough environment, when amdgpu is reloaded after unload, mode-1\nis triggered after initializing the necessary IPs, That init does not\ninclude KFD, and KFD init waits until the reset is completed. KFD init\nis called in the reset handler, but in this case, the zone device and\ndrm client is not initialized, causing app to create kernel panic.\n\nv2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create.\nAs the previous version has the potential of creating DRM client twice.\n\nv3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMA\nbefore SDMA init. Adding the condition to in drm client creation, on top of v1,\nto guard against drm client creation call multiple times."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "4f8154f77519"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8.6",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6"
},
{
"url": "https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36023.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "2e2177f94c0e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.86",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.27",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.6",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"
},
{
"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"
},
{
"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"
},
{
"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

82
2024/36xxx/CVE-2024-36024.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable idle reallow as part of command/gpint execution\n\n[Why]\nWorkaroud for a race condition where DMCUB is in the process of\ncommitting to IPS1 during the handshake causing us to miss the\ntransition into IPS2 and touch the INBOX1 RPTR causing a HW hang.\n\n[How]\nDisable the reallow to ensure that we have enough of a gap between entry\nand exit and we're not seeing back-to-back wake_and_executes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "2aac38744561"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8.6",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7"
},
{
"url": "https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2024/36xxx/CVE-2024-36025.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix off by one in qla_edif_app_getstats()\n\nThe app_reply->elem[] array is allocated earlier in this function and it\nhas app_req.num_ports elements. Thus this > comparison needs to be >= to\nprevent memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7878f22a2e03",
"version_value": "8c820f7c8e9b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.156",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.87",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.28",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.7",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8c820f7c8e9b46238d277c575392fe9930207aab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8c820f7c8e9b46238d277c575392fe9930207aab"
},
{
"url": "https://git.kernel.org/stable/c/9fc74e367be4247a5ac39bb8ec41eaa73fade510",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9fc74e367be4247a5ac39bb8ec41eaa73fade510"
},
{
"url": "https://git.kernel.org/stable/c/60b87b5ecbe07d70897d35947b0bb3e76ccd1b3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/60b87b5ecbe07d70897d35947b0bb3e76ccd1b3a"
},
{
"url": "https://git.kernel.org/stable/c/ea8ac95c22c93acecb710209a7fd10b851afe817",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea8ac95c22c93acecb710209a7fd10b851afe817"
},
{
"url": "https://git.kernel.org/stable/c/4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36026.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11\n\nWhile doing multiple S4 stress tests, GC/RLC/PMFW get into\nan invalid state resulting into hard hangs.\n\nAdding a GFX reset as workaround just before sending the\nMP1_UNLOAD message avoids this failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "bd9b94055c3d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.87",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.28",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.7",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f"
},
{
"url": "https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5"
},
{
"url": "https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d"
},
{
"url": "https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36027.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer\n\nBtrfs clears the content of an extent buffer marked as\nEXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is\nintroduced to prevent a write hole of an extent buffer, which is once\nallocated, marked dirty, but turns out unnecessary and cleaned up within\none transaction operation.\n\nCurrently, btrfs_clear_buffer_dirty() marks the extent buffer as\nEXTENT_BUFFER_ZONED_ZEROOUT, and skips the entry function. If this call\nhappens while the buffer is under IO (with the WRITEBACK flag set,\nwithout the DIRTY flag), we can add the ZEROOUT flag and clear the\nbuffer's content just before a bio submission. As a result:\n\n1) it can lead to adding faulty delayed reference item which leads to a\n FS corrupted (EUCLEAN) error, and\n\n2) it writes out cleared tree node on disk\n\nThe former issue is previously discussed in [1]. The corruption happens\nwhen it runs a delayed reference update. So, on-disk data is safe.\n\n[1] https://lore.kernel.org/linux-btrfs/3f4f2a0ff1a6c818050434288925bdcf3cd719e5.1709124777.git.naohiro.aota@wdc.com/\n\nThe latter one can reach on-disk data. But, as that node is already\nprocessed by btrfs_clear_buffer_dirty(), that will be invalidated in the\nnext transaction commit anyway. So, the chance of hitting the corruption\nis relatively small.\n\nAnyway, we should skip flagging ZEROOUT on a non-DIRTY extent buffer, to\nkeep the content under IO intact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "aa6313e6ff2b",
"version_value": "f4b994fccbb6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.8",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043"
},
{
"url": "https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

119
2024/36xxx/CVE-2024-36028.json
View File

@ -1,18 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n </TASK>\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n </TASK>\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio->_deferred_\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1b4ce2952b4f",
"version_value": "2effe407f756"
},
{
"version_affected": "<",
"version_name": "32c877191e02",
"version_value": "7e0a32287741"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.5",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.9",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2effe407f7563add41750fd7e03da4ea44b98099",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2effe407f7563add41750fd7e03da4ea44b98099"
},
{
"url": "https://git.kernel.org/stable/c/7e0a322877416e8c648819a8e441cf8c790b2cce",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e0a322877416e8c648819a8e441cf8c790b2cce"
},
{
"url": "https://git.kernel.org/stable/c/9c9b32d46afab2d911897914181c488954012300",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9c9b32d46afab2d911897914181c488954012300"
},
{
"url": "https://git.kernel.org/stable/c/52ccdde16b6540abe43b6f8d8e1e1ec90b0983af",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52ccdde16b6540abe43b6f8d8e1e1ec90b0983af"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2024/36xxx/CVE-2024-36029.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-msm: pervent access to suspended controller\n\nGeneric sdhci code registers LED device and uses host->runtime_suspended\nflag to protect access to it. The sdhci-msm driver doesn't set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "67e6db113c90",
"version_value": "1200481cd606"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.158",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.90",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.30",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.9",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"
},
{
"url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"
},
{
"url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"
},
{
"url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"
},
{
"url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36030.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: fix the double free in rvu_npc_freemem()\n\nClang static checker(scan-build) warning\uff1a\ndrivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2\nAttempt to free released memory.\n\nnpc_mcam_rsrcs_deinit() has released 'mcam->counters.bmap'. Deleted this\nredundant kfree() to fix this double free problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "dd7842878633",
"version_value": "f5aa87a2c0a7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.9",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f5aa87a2c0a72132ffc793fb0a5375b2a65d520a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f5aa87a2c0a72132ffc793fb0a5375b2a65d520a"
},
{
"url": "https://git.kernel.org/stable/c/6e965eba43e9724f3e603d7b7cc83e53b23d155e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6e965eba43e9724f3e603d7b7cc83e53b23d155e"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

167
2024/36xxx/CVE-2024-36031.json
View File

@ -1,18 +1,177 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "97be1e865e70",
"version_value": "ad2011ea7879"
},
{
"version_affected": "<",
"version_name": "2552b32b0b34",
"version_value": "ed79b93f725c"
},
{
"version_affected": "<",
"version_name": "791d5409cdb9",
"version_value": "e4519a016650"
},
{
"version_affected": "<",
"version_name": "afc360e8a125",
"version_value": "25777f3f4e1f"
},
{
"version_affected": "<",
"version_name": "39299bdd2546",
"version_value": "939a08bcd433"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.1",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a"
},
{
"url": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be"
},
{
"url": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d"
},
{
"url": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7"
},
{
"url": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41"
},
{
"url": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a"
},
{
"url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36032.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix info leak when fetching fw build id\n\nAdd the missing sanity checks and move the 255-byte build-id buffer off\nthe stack to avoid leaking stack data through debugfs in case the\nbuild-info reply is malformed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c0187b0bd3e9",
"version_value": "57062aa13e87"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488"
},
{
"url": "https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a"
},
{
"url": "https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1"
},
{
"url": "https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

112
2024/36xxx/CVE-2024-36033.json
View File

@ -1,18 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36033",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix info leak when fetching board id\n\nAdd the missing sanity check when fetching the board id to avoid leaking\nslab data when later requesting the firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ad643241d455",
"version_value": "bcccdc947d2c"
},
{
"version_affected": "<",
"version_name": "a381ee26d7c7",
"version_value": "ba307abed5e0"
},
{
"version_affected": "<",
"version_name": "a7f8dedb4be2",
"version_value": "f30c37cb4549"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb"
},
{
"url": "https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209"
},
{
"url": "https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7"
},
{
"url": "https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

135
2024/36xxx/CVE-2024-36880.json Normal file
View File

@ -0,0 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-36880",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: add missing firmware sanity checks\n\nAdd the missing sanity checks when parsing the firmware files before\ndownloading them to avoid accessing and corrupting memory beyond the\nvmalloced buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "83e81961ff7e",
"version_value": "ed53949cc92e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ed53949cc92e28aaa3463d246942bda1fbb7f307",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed53949cc92e28aaa3463d246942bda1fbb7f307"
},
{
"url": "https://git.kernel.org/stable/c/1caceadfb50432dbf6d808796cb6c34ebb6d662c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1caceadfb50432dbf6d808796cb6c34ebb6d662c"
},
{
"url": "https://git.kernel.org/stable/c/427281f9498ed614f9aabc80e46ec077c487da6d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/427281f9498ed614f9aabc80e46ec077c487da6d"
},
{
"url": "https://git.kernel.org/stable/c/02f05ed44b71152d5e11d29be28aed91c0489b4e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/02f05ed44b71152d5e11d29be28aed91c0489b4e"
},
{
"url": "https://git.kernel.org/stable/c/2e4edfa1e2bd821a317e7d006517dcf2f3fac68d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2e4edfa1e2bd821a317e7d006517dcf2f3fac68d"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

113
2024/36xxx/CVE-2024-36881.json Normal file
View File

@ -0,0 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-36881",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: reset ptes when close() for wr-protected ones\n\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. This fixes a WARN trace.\n\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\n\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 (\"mm/page_table_check:\nsupport userfault wr-protect entries\")), as we'll do sanity check on\nuffd-wp bits without vma context. So it's better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f369b07c8614",
"version_value": "377f3a9a3d03"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/377f3a9a3d032a52325a5b110379a25dd1ab1931",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/377f3a9a3d032a52325a5b110379a25dd1ab1931"
},
{
"url": "https://git.kernel.org/stable/c/8d8b68a5b0c9fb23d37df06bb273ead38fd5a29d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8d8b68a5b0c9fb23d37df06bb273ead38fd5a29d"
},
{
"url": "https://git.kernel.org/stable/c/c88033efe9a391e72ba6b5df4b01d6e628f4e734",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c88033efe9a391e72ba6b5df4b01d6e628f4e734"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

124
2024/36xxx/CVE-2024-36882.json Normal file
View File

@ -0,0 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-36882",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: use memalloc_nofs_save() in page_cache_ra_order()\n\nSee commit f2c817bed58d (\"mm: use memalloc_nofs_save in readahead path\"),\nensure that page_cache_ra_order() do not attempt to reclaim file-backed\npages too, or it leads to a deadlock, found issue when test ext4 large\nfolio.\n\n INFO: task DataXceiver for:7494 blocked for more than 120 seconds.\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200\n Call trace:\n __switch_to+0x14c/0x240\n __schedule+0x82c/0xdd0\n schedule+0x58/0xf0\n io_schedule+0x24/0xa0\n __folio_lock+0x130/0x300\n migrate_pages_batch+0x378/0x918\n migrate_pages+0x350/0x700\n compact_zone+0x63c/0xb38\n compact_zone_order+0xc0/0x118\n try_to_compact_pages+0xb0/0x280\n __alloc_pages_direct_compact+0x98/0x248\n __alloc_pages+0x510/0x1110\n alloc_pages+0x9c/0x130\n folio_alloc+0x20/0x78\n filemap_alloc_folio+0x8c/0x1b0\n page_cache_ra_order+0x174/0x308\n ondemand_readahead+0x1c8/0x2b8\n page_cache_async_ra+0x68/0xb8\n filemap_readahead.isra.0+0x64/0xa8\n filemap_get_pages+0x3fc/0x5b0\n filemap_splice_read+0xf4/0x280\n ext4_file_splice_read+0x2c/0x48 [ext4]\n vfs_splice_read.part.0+0xa8/0x118\n splice_direct_to_actor+0xbc/0x288\n do_splice_direct+0x9c/0x108\n do_sendfile+0x328/0x468\n __arm64_sys_sendfile64+0x8c/0x148\n invoke_syscall+0x4c/0x118\n el0_svc_common.constprop.0+0xc8/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x4c/0x1f8\n el0t_64_sync_handler+0xc0/0xc8\n el0t_64_sync+0x188/0x190"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "793917d997df",
"version_value": "7629ef6dda15"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.18",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4"
},
{
"url": "https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147"
},
{
"url": "https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45"
},
{
"url": "https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

168
2024/36xxx/CVE-2024-36883.json Normal file
View File

@ -0,0 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-36883",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix out-of-bounds access in ops_init\n\nnet_alloc_generic is called by net_alloc, which is called without any\nlocking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It\nis read twice, first to allocate an array, then to set s.len, which is\nlater used to limit the bounds of the array access.\n\nIt is possible that the array is allocated and another thread is\nregistering a new pernet ops, increments max_gen_ptrs, which is then used\nto set s.len with a larger than allocated length for the variable array.\n\nFix it by reading max_gen_ptrs only once in net_alloc_generic. If\nmax_gen_ptrs is later incremented, it will be caught in net_assign_generic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "073862ba5d24",
"version_value": "3cdc34d76c4f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3"
},
{
"url": "https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f"
},
{
"url": "https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7"
},
{
"url": "https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030"
},
{
"url": "https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25eac29c42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25eac29c42"
},
{
"url": "https://git.kernel.org/stable/c/b6dbfd5bcc267a95a0bf1bf96af46243f96ec6cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b6dbfd5bcc267a95a0bf1bf96af46243f96ec6cd"
},
{
"url": "https://git.kernel.org/stable/c/f4f94587e1bf87cb40ec33955a9d90148dd026ab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f4f94587e1bf87cb40ec33955a9d90148dd026ab"
},
{
"url": "https://git.kernel.org/stable/c/a26ff37e624d12e28077e5b24d2b264f62764ad6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a26ff37e624d12e28077e5b24d2b264f62764ad6"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

102
2024/36xxx/CVE-2024-36884.json Normal file
View File

@ -0,0 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-36884",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()\n\nThis was missed because of the function pointer indirection.\n\nnvidia_smmu_context_fault() is also installed as a irq function, and the\n'void *' was changed to a struct arm_smmu_domain. Since the iommu_domain\nis embedded at a non-zero offset this causes nvidia_smmu_context_fault()\nto miscompute the offset. Fixup the types.\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000120\n Mem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107c9f000\n [0000000000000120] pgd=0000000000000000, p4d=0000000000000000\n Internal error: Oops: 0000000096000004 [#1] SMP\n Modules linked in:\n CPU: 1 PID: 47 Comm: kworker/u25:0 Not tainted 6.9.0-0.rc7.58.eln136.aarch64 #1\n Hardware name: Unknown NVIDIA Jetson Orin NX/NVIDIA Jetson Orin NX, BIOS 3.1-32827747 03/19/2023\n Workqueue: events_unbound deferred_probe_work_func\n pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : nvidia_smmu_context_fault+0x1c/0x158\n lr : __free_irq+0x1d4/0x2e8\n sp : ffff80008044b6f0\n x29: ffff80008044b6f0 x28: ffff000080a60b18 x27: ffffd32b5172e970\n x26: 0000000000000000 x25: ffff0000802f5aac x24: ffff0000802f5a30\n x23: ffff0000802f5b60 x22: 0000000000000057 x21: 0000000000000000\n x20: ffff0000802f5a00 x19: ffff000087d4cd80 x18: ffffffffffffffff\n x17: 6234362066666666 x16: 6630303078302d30 x15: ffff00008156d888\n x14: 0000000000000000 x13: ffff0000801db910 x12: ffff00008156d6d0\n x11: 0000000000000003 x10: ffff0000801db918 x9 : ffffd32b50f94d9c\n x8 : 1fffe0001032fda1 x7 : ffff00008197ed00 x6 : 000000000000000f\n x5 : 000000000000010e x4 : 000000000000010e x3 : 0000000000000000\n x2 : ffffd32b51720cd8 x1 : ffff000087e6f700 x0 : 0000000000000057\n Call trace:\n nvidia_smmu_context_fault+0x1c/0x158\n __free_irq+0x1d4/0x2e8\n free_irq+0x3c/0x80\n devm_free_irq+0x64/0xa8\n arm_smmu_domain_free+0xc4/0x158\n iommu_domain_free+0x44/0xa0\n iommu_deinit_device+0xd0/0xf8\n __iommu_group_remove_device+0xcc/0xe0\n iommu_bus_notifier+0x64/0xa8\n notifier_call_chain+0x78/0x148\n blocking_notifier_call_chain+0x4c/0x90\n bus_notify+0x44/0x70\n device_del+0x264/0x3e8\n pci_remove_bus_device+0x84/0x120\n pci_remove_root_bus+0x5c/0xc0\n dw_pcie_host_deinit+0x38/0xe0\n tegra_pcie_config_rp+0xc0/0x1f0\n tegra_pcie_dw_probe+0x34c/0x700\n platform_probe+0x70/0xe8\n really_probe+0xc8/0x3a0\n __driver_probe_device+0x84/0x160\n driver_probe_device+0x44/0x130\n __device_attach_driver+0xc4/0x170\n bus_for_each_drv+0x90/0x100\n __device_attach+0xa8/0x1c8\n device_initial_probe+0x1c/0x30\n bus_probe_device+0xb0/0xc0\n deferred_probe_work_func+0xbc/0x120\n process_one_work+0x194/0x490\n worker_thread+0x284/0x3b0\n kthread+0xf4/0x108\n ret_from_fork+0x10/0x20\n Code: a9b97bfd 910003fd a9025bf5 f85a0035 (b94122a1)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e0976331ad11",
"version_value": "e83de8f05b99"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e83de8f05b998e227b48cdeea54cba4c9d66d3aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e83de8f05b998e227b48cdeea54cba4c9d66d3aa"
},
{
"url": "https://git.kernel.org/stable/c/65ade5653f5ab5a21635e51d0c65e95f490f5b6f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/65ade5653f5ab5a21635e51d0c65e95f490f5b6f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

18
2024/36xxx/CVE-2024-36885.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2024/36xxx/CVE-2024-36886.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36886",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n <IRQ>\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n </IRQ>\n <TASK>\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1149557d64c9",
"version_value": "e19ec8ab0e25"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.1",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
},
{
"url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
},
{
"url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
},
{
"url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
},
{
"url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
},
{
"url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
},
{
"url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
},
{
"url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

87
2024/36xxx/CVE-2024-36887.json
View File

@ -1,97 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36887",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000e: change usleep_range to udelay in PHY mdic access\n\nThis is a partial revert of commit 6dbdd4de0362 (\"e1000e: Workaround\nfor sporadic MDI error on Meteor Lake systems\"). The referenced commit\nused usleep_range inside the PHY access routines, which are sometimes\ncalled from an atomic context. This can lead to a kernel panic in some\nscenarios, such as cable disconnection and reconnection on vPro systems.\n\nSolve this by changing the usleep_range calls back to udelay."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1d16cd91cd31",
"version_value": "f8a139656c95"
},
{
"version_affected": "<",
"version_name": "0a4e3c2d976a",
"version_value": "950d5226cd6b"
},
{
"version_affected": "<",
"version_name": "6dbdd4de0362",
"version_value": "387f295cb215"
},
{
"version_affected": "<",
"version_name": "6.6.26",
"version_value": "6.6.31"
},
{
"version_affected": "<",
"version_name": "6.8.5",
"version_value": "6.8.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f8a139656c95db893a543159873c57a470d7376d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f8a139656c95db893a543159873c57a470d7376d"
},
{
"url": "https://git.kernel.org/stable/c/950d5226cd6bb83ba720961a8d4d5cf79e6afd57",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/950d5226cd6bb83ba720961a8d4d5cf79e6afd57"
},
{
"url": "https://git.kernel.org/stable/c/387f295cb2150ed164905b648d76dfcbd3621778",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/387f295cb2150ed164905b648d76dfcbd3621778"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36888.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36888",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Fix selection of wake_cpu in kick_pool()\n\nWith cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following\nkernel oops was observed:\n\nsmp: Bringing up secondary CPUs ...\nsmp: Brought up 1 node, 8 CPUs\nUnable to handle kernel pointer dereference in virtual kernel address space\nFailing address: 0000000000000000 TEID: 0000000000000803\n[..]\n Call Trace:\narch_vcpu_is_preempted+0x12/0x80\nselect_idle_sibling+0x42/0x560\nselect_task_rq_fair+0x29a/0x3b0\ntry_to_wake_up+0x38e/0x6e0\nkick_pool+0xa4/0x198\n__queue_work.part.0+0x2bc/0x3a8\ncall_timer_fn+0x36/0x160\n__run_timers+0x1e2/0x328\n__run_timer_base+0x5a/0x88\nrun_timer_softirq+0x40/0x78\n__do_softirq+0x118/0x388\nirq_exit_rcu+0xc0/0xd8\ndo_ext_irq+0xae/0x168\next_int_handler+0xbe/0xf0\npsw_idle_exit+0x0/0xc\ndefault_idle_call+0x3c/0x110\ndo_idle+0xd4/0x158\ncpu_startup_entry+0x40/0x48\nrest_init+0xc6/0xc8\nstart_kernel+0x3c4/0x5e0\nstartup_continue+0x3c/0x50\n\nThe crash is caused by calling arch_vcpu_is_preempted() for an offline\nCPU. To avoid this, select the cpu with cpumask_any_and_distribute()\nto mask __pod_cpumask with cpu_online_mask. In case no cpu is left in\nthe pool, skip the assignment.\n\ntj: This doesn't fully fix the bug as CPUs can still go down between picking\nthe target CPU and the wake call. Fixing that likely requires adding\ncpu_online() test to either the sched or s390 arch code. However, regardless\nof how that is fixed, workqueue shouldn't be picking a CPU which isn't\nonline as that would result in unpredictable and worse behavior."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8639ecebc9b1",
"version_value": "c57824d4fe07"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c57824d4fe07c2131f8c48687cbd5ee2be60c767",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c57824d4fe07c2131f8c48687cbd5ee2be60c767"
},
{
"url": "https://git.kernel.org/stable/c/6d559e70b3eb6623935cbe7f94c1912c1099777b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6d559e70b3eb6623935cbe7f94c1912c1099777b"
},
{
"url": "https://git.kernel.org/stable/c/57a01eafdcf78f6da34fad9ff075ed5dfdd9f420",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/57a01eafdcf78f6da34fad9ff075ed5dfdd9f420"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

136
2024/36xxx/CVE-2024-36889.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36889",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Modules linked in:\n CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n Workqueue: events mptcp_worker\n RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n \t<0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n Call Trace:\n <TASK>\n __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n process_scheduled_works kernel/workqueue.c:3335 [inline]\n worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n kthread+0x121/0x170 kernel/kthread.c:388\n ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n </TASK>\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using 'bad' snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8fd738049ac3",
"version_value": "99951b62bf20"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.218",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
},
{
"url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
},
{
"url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
},
{
"url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
},
{
"url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
},
{
"url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

119
2024/36xxx/CVE-2024-36890.json
View File

@ -1,129 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36890",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab: make __free(kfree) accept error pointers\n\nCurrently, if an automatically freed allocation is an error pointer that\nwill lead to a crash. An example of this is in wm831x_gpio_dbg_show().\n\n 171\tchar *label __free(kfree) = gpiochip_dup_line_label(chip, i);\n 172\tif (IS_ERR(label)) {\n 173\t\tdev_err(wm831x->dev, \"Failed to duplicate label\\n\");\n 174\t\tcontinue;\n 175 }\n\nThe auto clean up function should check for error pointers as well,\notherwise we're going to keep hitting issues like this."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3c6cc62ce126",
"version_value": "9f6eb0ab4f95"
},
{
"version_affected": "<",
"version_name": "54da6a092431",
"version_value": "ac6cf3ce9b7d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.5",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9f6eb0ab4f95240589ee85fd9886a944cd3645b2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9f6eb0ab4f95240589ee85fd9886a944cd3645b2"
},
{
"url": "https://git.kernel.org/stable/c/ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc"
},
{
"url": "https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543"
},
{
"url": "https://git.kernel.org/stable/c/cd7eb8f83fcf258f71e293f7fc52a70be8ed0128",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cd7eb8f83fcf258f71e293f7fc52a70be8ed0128"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36891.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36891",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix mas_empty_area_rev() null pointer dereference\n\nCurrently the code calls mas_start() followed by mas_data_end() if the\nmaple state is MA_START, but mas_start() may return with the maple state\nnode == NULL. This will lead to a null pointer dereference when checking\ninformation in the NULL node, which is done in mas_data_end().\n\nAvoid setting the offset if there is no node by waiting until after the\nmaple state is checked for an empty or single entry state.\n\nA user could trigger the events to cause a kernel oops by unmapping all\nvmas to produce an empty maple tree, then mapping a vma that would cause\nthe scenario described above."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "54a611b60590",
"version_value": "6c9c7c1e63b1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.1",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6c9c7c1e63b198a8b979ad963eb21410f10ccb00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6c9c7c1e63b198a8b979ad963eb21410f10ccb00"
},
{
"url": "https://git.kernel.org/stable/c/f3956791cf526540addd3295e4c1e0f0442486cc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f3956791cf526540addd3295e4c1e0f0442486cc"
},
{
"url": "https://git.kernel.org/stable/c/955a923d2809803980ff574270f81510112be9cf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/955a923d2809803980ff574270f81510112be9cf"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36892.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36892",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid zeroing outside-object freepointer for single free\n\nCommit 284f17ac13fe (\"mm/slub: handle bulk and single object freeing\nseparately\") splits single and bulk object freeing in two functions\nslab_free() and slab_free_bulk() which leads slab_free() to call\nslab_free_hook() directly instead of slab_free_freelist_hook().\n\nIf `init_on_free` is set, slab_free_hook() zeroes the object.\nAfterward, if `slub_debug=F` and `CONFIG_SLAB_FREELIST_HARDENED` are\nset, the do_slab_free() slowpath executes freelist consistency\nchecks and try to decode a zeroed freepointer which leads to a\n\"Freepointer corrupt\" detection in check_object().\n\nDuring bulk free, slab_free_freelist_hook() isn't affected as it always\nsets it objects freepointer using set_freepointer() to maintain its\nreconstructed freelist after `init_on_free`.\n\nFor single free, object's freepointer thus needs to be avoided when\nstored outside the object if `init_on_free` is set. The freepointer left\nas is, check_object() may later detect an invalid pointer value due to\nobjects overflow.\n\nTo reproduce, set `slub_debug=FU init_on_free=1 log_level=7` on the\ncommand line of a kernel build with `CONFIG_SLAB_FREELIST_HARDENED=y`.\n\ndmesg sample log:\n[ 10.708715] =============================================================================\n[ 10.710323] BUG kmalloc-rnd-05-32 (Tainted: G B T ): Freepointer corrupt\n[ 10.712695] -----------------------------------------------------------------------------\n[ 10.712695]\n[ 10.712695] Slab 0xffffd8bdc400d580 objects=32 used=4 fp=0xffff9d9a80356f80 flags=0x200000000000a00(workingset|slab|node=0|zone=2)\n[ 10.716698] Object 0xffff9d9a80356600 @offset=1536 fp=0x7ee4f480ce0ecd7c\n[ 10.716698]\n[ 10.716698] Bytes b4 ffff9d9a803565f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.720703] Object ffff9d9a80356600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.720703] Object ffff9d9a80356610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.724696] Padding ffff9d9a8035666c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.724696] Padding ffff9d9a8035667c: 00 00 00 00 ....\n[ 10.724696] FIX kmalloc-rnd-05-32: Object at 0xffff9d9a80356600 not freed"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "284f17ac13fe",
"version_value": "56900355485f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/56900355485f6e82114b18c812edd57fd7970dcb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/56900355485f6e82114b18c812edd57fd7970dcb"
},
{
"url": "https://git.kernel.org/stable/c/8f828aa48812ced28aa39cb3cfe55ef2444d03dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8f828aa48812ced28aa39cb3cfe55ef2444d03dd"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

119
2024/36xxx/CVE-2024-36893.json
View File

@ -1,129 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36893",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: Check for port partner validity before consuming it\n\ntypec_register_partner() does not guarantee partner registration\nto always succeed. In the event of failure, port->partner is set\nto the error value or NULL. Given that port->partner validity is\nnot checked, this results in the following crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address xx\n pc : run_state_machine+0x1bc8/0x1c08\n lr : run_state_machine+0x1b90/0x1c08\n..\n Call trace:\n run_state_machine+0x1bc8/0x1c08\n tcpm_state_machine_work+0x94/0xe4\n kthread_worker_fn+0x118/0x328\n kthread+0x1d0/0x23c\n ret_from_fork+0x10/0x20\n\nTo prevent the crash, check for port->partner validity before\nderefencing it in all the call sites."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9b7cd3fe01f0",
"version_value": "d56d2ca03cc2"
},
{
"version_affected": "<",
"version_name": "c97cd0b4b54e",
"version_value": "789326cafbd1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57"
},
{
"url": "https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637"
},
{
"url": "https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77"
},
{
"url": "https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36894.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36894",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete\n\nFFS based applications can utilize the aio_cancel() callback to dequeue\npending USB requests submitted to the UDC. There is a scenario where the\nFFS application issues an AIO cancel call, while the UDC is handling a\nsoft disconnect. For a DWC3 based implementation, the callstack looks\nlike the following:\n\n DWC3 Gadget FFS Application\ndwc3_gadget_soft_disconnect() ...\n --> dwc3_stop_active_transfers()\n --> dwc3_gadget_giveback(-ESHUTDOWN)\n --> ffs_epfile_async_io_complete() ffs_aio_cancel()\n --> usb_ep_free_request() --> usb_ep_dequeue()\n\nThere is currently no locking implemented between the AIO completion\nhandler and AIO cancel, so the issue occurs if the completion routine is\nrunning in parallel to an AIO cancel call coming from the FFS application.\nAs the completion call frees the USB request (io_data->req) the FFS\napplication is also referencing it for the usb_ep_dequeue() call. This can\nlead to accessing a stale/hanging pointer.\n\ncommit b566d38857fc (\"usb: gadget: f_fs: use io_data->status consistently\")\nrelocated the usb_ep_free_request() into ffs_epfile_async_io_complete().\nHowever, in order to properly implement locking to mitigate this issue, the\nspinlock can't be added to ffs_epfile_async_io_complete(), as\nusb_ep_dequeue() (if successfully dequeuing a USB request) will call the\nfunction driver's completion handler in the same context. Hence, leading\ninto a deadlock.\n\nFix this issue by moving the usb_ep_free_request() back to\nffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req\nto NULL after freeing it within the ffs->eps_lock. This resolves the race\ncondition above, as the ffs_aio_cancel() routine will not continue\nattempting to dequeue a request that has already been freed, or the\nffs_user_copy_work() not freeing the USB request until the AIO cancel is\ndone referencing it.\n\nThis fix depends on\n commit b566d38857fc (\"usb: gadget: f_fs: use io_data->status\n consistently\")"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2e4c7553cd6f",
"version_value": "73c05ad46bb4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb"
},
{
"url": "https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4"
},
{
"url": "https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36895.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36895",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: use correct buffer size when parsing configfs lists\n\nThis commit fixes uvc gadget support on 32-bit platforms.\n\nCommit 0df28607c5cb (\"usb: gadget: uvc: Generalise helper functions for\nreuse\") introduced a helper function __uvcg_iter_item_entries() to aid\nwith parsing lists of items on configfs attributes stores. This function\nis a generalization of another very similar function, which used a\nstack-allocated temporary buffer of fixed size for each item in the list\nand used the sizeof() operator to check for potential buffer overruns.\nThe new function was changed to allocate the now variably sized temp\nbuffer on heap, but wasn't properly updated to also check for max buffer\nsize using the computed size instead of sizeof() operator.\n\nAs a result, the maximum item size was 7 (plus null terminator) on\n64-bit platforms, and 3 on 32-bit ones. While 7 is accidentally just\nbarely enough, 3 is definitely too small for some of UVC configfs\nattributes. For example, dwFrameInteval, specified in 100ns units,\nusually has 6-digit item values, e.g. 166666 for 60fps."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0df28607c5cb",
"version_value": "7a54e5052bde"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7a54e5052bde582fd0e7677334fe7a5be92e242c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7a54e5052bde582fd0e7677334fe7a5be92e242c"
},
{
"url": "https://git.kernel.org/stable/c/a422089ce42ced73713e5032aad29a9a7cbe9528",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a422089ce42ced73713e5032aad29a9a7cbe9528"
},
{
"url": "https://git.kernel.org/stable/c/650ae71c80749fc7cb8858c8049f532eaec64410",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/650ae71c80749fc7cb8858c8049f532eaec64410"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36896.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36896",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix access violation during port device removal\n\nTesting with KASAN and syzkaller revealed a bug in port.c:disable_store():\nusb_hub_to_struct_hub() can return NULL if the hub that the port belongs to\nis concurrently removed, but the function does not check for this\npossibility before dereferencing the returned value.\n\nIt turns out that the first dereference is unnecessary, since hub->intfdev\nis the parent of the port device, so it can be changed easily. Adding a\ncheck for hub == NULL prevents further problems.\n\nThe same bug exists in the disable_show() routine, and it can be fixed the\nsame way."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f061f43d7418",
"version_value": "5f1d68ef5dda"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5f1d68ef5ddac27c6b997adccd1c339cef1e6848",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5f1d68ef5ddac27c6b997adccd1c339cef1e6848"
},
{
"url": "https://git.kernel.org/stable/c/63533549ff53d24daf47c443dbd43c308afc3434",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/63533549ff53d24daf47c443dbd43c308afc3434"
},
{
"url": "https://git.kernel.org/stable/c/6119ef6517ce501fc548154691abdaf1f954a277",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6119ef6517ce501fc548154691abdaf1f954a277"
},
{
"url": "https://git.kernel.org/stable/c/a4b46d450c49f32e9d4247b421e58083fde304ce",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a4b46d450c49f32e9d4247b421e58083fde304ce"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

115
2024/36xxx/CVE-2024-36897.json
View File

@ -1,125 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36897",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Atom Integrated System Info v2_2 for DCN35\n\nNew request from KMD/VBIOS in order to support new UMA carveout\nmodel. This fixes a null dereference from accessing\nCtx->dc_bios->integrated_info while it was NULL.\n\nDAL parses through the BIOS and extracts the necessary\nintegrated_info but was missing a case for the new BIOS\nversion 2.3."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "3c7013a87124"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a"
},
{
"url": "https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c"
},
{
"url": "https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b"
},
{
"url": "https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0"
},
{
"url": "https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36898.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36898",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: fix uninitialised kfifo\n\nIf a line is requested with debounce, and that results in debouncing\nin software, and the line is subsequently reconfigured to enable edge\ndetection then the allocation of the kfifo to contain edge events is\noverlooked. This results in events being written to and read from an\nuninitialised kfifo. Read events are returned to userspace.\n\nInitialise the kfifo in the case where the software debounce is\nalready active."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "65cff7046406",
"version_value": "1a51e24404d7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1a51e24404d77bb3307c1e39eee0d8e86febb1a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1a51e24404d77bb3307c1e39eee0d8e86febb1a5"
},
{
"url": "https://git.kernel.org/stable/c/883e4bbf06eb5fb7482679e4edb201093e9f55a2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/883e4bbf06eb5fb7482679e4edb201093e9f55a2"
},
{
"url": "https://git.kernel.org/stable/c/bd7139a70ee8d8ea872b223e043730cf6f5e2b0e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd7139a70ee8d8ea872b223e043730cf6f5e2b0e"
},
{
"url": "https://git.kernel.org/stable/c/ee0166b637a5e376118e9659e5b4148080f1d27e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ee0166b637a5e376118e9659e5b4148080f1d27e"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36899.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36899",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip's lines is also in the release process and holds the notifier chain's\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n --> bitmap_free(cdev->watched_lines) <-- freed\n --> blocking_notifier_chain_unregister()\n --> down_write(&nh->rwsem) <-- waiting rwsem\n --> __down_write_common()\n --> rwsem_down_write_slowpath()\n --> schedule_preempt_disabled()\n --> schedule()\n\n[use]\nst54spi_gpio_dev_release()\n --> gpio_free()\n --> gpiod_free()\n --> gpiod_free_commit()\n --> gpiod_line_state_notify()\n --> blocking_notifier_call_chain()\n --> down_read(&nh->rwsem); <-- held rwsem\n --> notifier_call_chain()\n --> lineinfo_changed_notify()\n --> test_bit(xxxx, cdev->watched_lines) <-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn't. However, since the chrdev\nis being closed, userspace won't have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "51c1064e82e7",
"version_value": "95ca7c90eaf5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
},
{
"url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
},
{
"url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36900.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36900",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash.\n\nThis patch fixes this by registering the devlink after\nhardware initialization."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cd6242991d2e",
"version_value": "72ede790f5a0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7"
},
{
"url": "https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd"
},
{
"url": "https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69"
},
{
"url": "https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36901.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36901",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent NULL dereference in ip6_output()\n\nAccording to syzbot, there is a chance that ip6_dst_idev()\nreturns NULL in ip6_output(). Most places in IPv6 stack\ndeal with a NULL idev just fine, but not here.\n\nsyzbot reported:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]\nCPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237\nCode: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff\nRSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202\nRAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000\nRDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48\nRBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad\nR10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0\nR13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000\nFS: 00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358\n sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248\n sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653\n sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783\n sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]\n sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212\n sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169\n sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73\n __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234\n sctp_connect net/sctp/socket.c:4819 [inline]\n sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "778d80be5269",
"version_value": "ea0cb87402f7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.27",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.27",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ea0cb87402f774b0e1214ffba0f57028b27cf155",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea0cb87402f774b0e1214ffba0f57028b27cf155"
},
{
"url": "https://git.kernel.org/stable/c/e31b25cc2066d3f2b6c38579253882008d4469b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e31b25cc2066d3f2b6c38579253882008d4469b0"
},
{
"url": "https://git.kernel.org/stable/c/55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488"
},
{
"url": "https://git.kernel.org/stable/c/4db783d68b9b39a411a96096c10828ff5dfada7a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4db783d68b9b39a411a96096c10828ff5dfada7a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36902.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36902",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()\n\nsyzbot is able to trigger the following crash [1],\ncaused by unsafe ip6_dst_idev() use.\n\nIndeed ip6_dst_idev() can return NULL, and must always be checked.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]\n RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267\nCode: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c\nRSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700\nRDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760\nRBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd\nR10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000\nR13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00\nFS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317\n fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108\n ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline]\n ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120\n ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250\n sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326\n sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455\n sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662\n sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099\n __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197\n sctp_connect net/sctp/socket.c:4819 [inline]\n sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5e5f3f0f8013",
"version_value": "4a5a573387da"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.26",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.26",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4a5a573387da6a6b23a4cc62147453ff1bc32afa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4a5a573387da6a6b23a4cc62147453ff1bc32afa"
},
{
"url": "https://git.kernel.org/stable/c/ddec23f206a944c73bcc2724358b85388837daff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ddec23f206a944c73bcc2724358b85388837daff"
},
{
"url": "https://git.kernel.org/stable/c/674c951ab8a23f7aff9b4c3f2f865901bc76a290",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/674c951ab8a23f7aff9b4c3f2f865901bc76a290"
},
{
"url": "https://git.kernel.org/stable/c/35297fc68de36826087e976f86a5b1f94fd0bf95",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35297fc68de36826087e976f86a5b1f94fd0bf95"
},
{
"url": "https://git.kernel.org/stable/c/7e3242c139c38e60844638e394c2877b16b396b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e3242c139c38e60844638e394c2877b16b396b0"
},
{
"url": "https://git.kernel.org/stable/c/8745a8d74ba17dafe72b6ab461fa6c007d879747",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8745a8d74ba17dafe72b6ab461fa6c007d879747"
},
{
"url": "https://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09"
},
{
"url": "https://git.kernel.org/stable/c/d101291b2681e5ab938554e3e323f7a7ee33e3aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d101291b2681e5ab938554e3e323f7a7ee33e3aa"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36903.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36903",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix potential uninit-value access in __ip6_make_skb()\n\nAs it was done in commit fc1092f51567 (\"ipv4: Fix uninit-value access in\n__ip_make_skb()\") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags\ninstead of testing HDRINCL on the socket to avoid a race condition which\ncauses uninit-value access."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ea30388baebc",
"version_value": "68c8ba16ab71"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a"
},
{
"url": "https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3"
},
{
"url": "https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36904.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36904",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket's\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n </TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ec94c2696f0b",
"version_value": "84546cc1aeeb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.16",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36905.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36905",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n TCP_CLOSE\nconnect()\n TCP_SYN_SENT\n TCP_SYN_RECV\nshutdown() -> tcp_shutdown(sk, SEND_SHUTDOWN)\n TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -> TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk->sk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 <48> f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n <TASK>\n tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "34e41a031fd7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"
},
{
"url": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"
},
{
"url": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"
},
{
"url": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"
},
{
"url": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"
},
{
"url": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"
},
{
"url": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"
},
{
"url": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2024/36xxx/CVE-2024-36906.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36906",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9381/1: kasan: clear stale stack poison\n\nWe found below OOB crash:\n\n[ 33.452494] ==================================================================\n[ 33.453513] BUG: KASAN: stack-out-of-bounds in refresh_cpu_vm_stats.constprop.0+0xcc/0x2ec\n[ 33.454660] Write of size 164 at addr c1d03d30 by task swapper/0/0\n[ 33.455515]\n[ 33.455767] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 6.1.25-mainline #1\n[ 33.456880] Hardware name: Generic DT based system\n[ 33.457555] unwind_backtrace from show_stack+0x18/0x1c\n[ 33.458326] show_stack from dump_stack_lvl+0x40/0x4c\n[ 33.459072] dump_stack_lvl from print_report+0x158/0x4a4\n[ 33.459863] print_report from kasan_report+0x9c/0x148\n[ 33.460616] kasan_report from kasan_check_range+0x94/0x1a0\n[ 33.461424] kasan_check_range from memset+0x20/0x3c\n[ 33.462157] memset from refresh_cpu_vm_stats.constprop.0+0xcc/0x2ec\n[ 33.463064] refresh_cpu_vm_stats.constprop.0 from tick_nohz_idle_stop_tick+0x180/0x53c\n[ 33.464181] tick_nohz_idle_stop_tick from do_idle+0x264/0x354\n[ 33.465029] do_idle from cpu_startup_entry+0x20/0x24\n[ 33.465769] cpu_startup_entry from rest_init+0xf0/0xf4\n[ 33.466528] rest_init from arch_post_acpi_subsys_init+0x0/0x18\n[ 33.467397]\n[ 33.467644] The buggy address belongs to stack of task swapper/0/0\n[ 33.468493] and is located at offset 112 in frame:\n[ 33.469172] refresh_cpu_vm_stats.constprop.0+0x0/0x2ec\n[ 33.469917]\n[ 33.470165] This frame has 2 objects:\n[ 33.470696] [32, 76) 'global_zone_diff'\n[ 33.470729] [112, 276) 'global_node_diff'\n[ 33.471294]\n[ 33.472095] The buggy address belongs to the physical page:\n[ 33.472862] page:3cd72da8 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x41d03\n[ 33.473944] flags: 0x1000(reserved|zone=0)\n[ 33.474565] raw: 00001000 ed741470 ed741470 00000000 00000000 00000000 ffffffff 00000001\n[ 33.475656] raw: 00000000\n[ 33.476050] page dumped because: kasan: bad access detected\n[ 33.476816]\n[ 33.477061] Memory state around the buggy address:\n[ 33.477732] c1d03c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 33.478630] c1d03c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00\n[ 33.479526] >c1d03d00: 00 04 f2 f2 f2 f2 00 00 00 00 00 00 f1 f1 f1 f1\n[ 33.480415] ^\n[ 33.481195] c1d03d80: 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3 f3\n[ 33.482088] c1d03e00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[ 33.482978] ==================================================================\n\nWe find the root cause of this OOB is that arm does not clear stale stack\npoison in the case of cpuidle.\n\nThis patch refer to arch/arm64/kernel/sleep.S to resolve this issue.\n\nFrom cited commit [1] that explain the problem\n\nFunctions which the compiler has instrumented for KASAN place poison on\nthe stack shadow upon entry and remove this poison prior to returning.\n\nIn the case of cpuidle, CPUs exit the kernel a number of levels deep in\nC code. Any instrumented functions on this critical path will leave\nportions of the stack shadow poisoned.\n\nIf CPUs lose context and return to the kernel via a cold path, we\nrestore a prior context saved in __cpu_suspend_enter are forgotten, and\nwe never remove the poison they placed in the stack shadow area by\nfunctions calls between this and the actual exit of the kernel.\n\nThus, (depending on stackframe layout) subsequent calls to instrumented\nfunctions may hit this stale poison, resulting in (spurious) KASAN\nsplats to the console.\n\nTo avoid this, clear any stale poison from the idle thread for a CPU\nprior to bringing a CPU online.\n\nFrom cited commit [2]\n\nExtend to check for CONFIG_KASAN_STACK\n\n[1] commit 0d97e6d8024c (\"arm64: kasan: clear stale stack poison\")\n[2] commit d56a9ef84bd0 (\"kasan, arm64: unpoison stack only with CONFIG_KASAN_STACK\")"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5615f69bc209",
"version_value": "20ac71bee028"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/20ac71bee028ffbae4fc14ed679b23b4d3e95726",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/20ac71bee028ffbae4fc14ed679b23b4d3e95726"
},
{
"url": "https://git.kernel.org/stable/c/ad702338fe423cb1e79745787090317256a98dab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad702338fe423cb1e79745787090317256a98dab"
},
{
"url": "https://git.kernel.org/stable/c/ee0ce7573e5083031960faf602c9db693ab5b477",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ee0ce7573e5083031960faf602c9db693ab5b477"
},
{
"url": "https://git.kernel.org/stable/c/b26f353786d365e658cebc9a9ace88e04fc2325e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b26f353786d365e658cebc9a9ace88e04fc2325e"
},
{
"url": "https://git.kernel.org/stable/c/c4238686f9093b98bd6245a348bcf059cdce23af",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c4238686f9093b98bd6245a348bcf059cdce23af"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

83
2024/36xxx/CVE-2024-36907.json
View File

@ -1,93 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36907",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: add a missing rpc_stat for TCP TLS\n\nCommit 1548036ef120 (\"nfs: make the rpc_stat per net namespace\") added\nfunctionality to specify rpc_stats function but missed adding it to the\nTCP TLS functionality. As the result, mounting with xprtsec=tls lead to\nthe following kernel oops.\n\n[ 128.984192] Unable to handle kernel NULL pointer dereference at\nvirtual address 000000000000001c\n[ 128.985058] Mem abort info:\n[ 128.985372] ESR = 0x0000000096000004\n[ 128.985709] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 128.986176] SET = 0, FnV = 0\n[ 128.986521] EA = 0, S1PTW = 0\n[ 128.986804] FSC = 0x04: level 0 translation fault\n[ 128.987229] Data abort info:\n[ 128.987597] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 128.988169] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 128.988811] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 128.989302] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106c84000\n[ 128.990048] [000000000000001c] pgd=0000000000000000, p4d=0000000000000000\n[ 128.990736] Internal error: Oops: 0000000096000004 [#1] SMP\n[ 128.991168] Modules linked in: nfs_layout_nfsv41_files\nrpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs\nuinput dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill\nip_set nf_tables nfnetlink qrtr vsock_loopback\nvmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock\nsunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc\nvideobuf2_v4l2 videodev videobuf2_common mc vmw_vmci xfs libcrc32c\ne1000e crct10dif_ce ghash_ce sha2_ce vmwgfx nvme sha256_arm64\nnvme_core sr_mod cdrom sha1_ce drm_ttm_helper ttm drm_kms_helper drm\nsg fuse\n[ 128.996466] CPU: 0 PID: 179 Comm: kworker/u4:26 Kdump: loaded Not\ntainted 6.8.0-rc6+ #12\n[ 128.997226] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS\nVMW201.00V.21805430.BA64.2305221830 05/22/2023\n[ 128.998084] Workqueue: xprtiod xs_tcp_tls_setup_socket [sunrpc]\n[ 128.998701] pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 128.999384] pc : call_start+0x74/0x138 [sunrpc]\n[ 128.999809] lr : __rpc_execute+0xb8/0x3e0 [sunrpc]\n[ 129.000244] sp : ffff8000832b3a00\n[ 129.000508] x29: ffff8000832b3a00 x28: ffff800081ac79c0 x27: ffff800081ac7000\n[ 129.001111] x26: 0000000004248060 x25: 0000000000000000 x24: ffff800081596008\n[ 129.001757] x23: ffff80007b087240 x22: ffff00009a509d30 x21: 0000000000000000\n[ 129.002345] x20: ffff000090075600 x19: ffff00009a509d00 x18: ffffffffffffffff\n[ 129.002912] x17: 733d4d4554535953 x16: 42555300312d746e x15: ffff8000832b3a88\n[ 129.003464] x14: ffffffffffffffff x13: ffff8000832b3a7d x12: 0000000000000008\n[ 129.004021] x11: 0101010101010101 x10: ffff8000150cb560 x9 : ffff80007b087c00\n[ 129.004577] x8 : ffff00009a509de0 x7 : 0000000000000000 x6 : 00000000be8c4ee3\n[ 129.005026] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff000094d56680\n[ 129.005425] x2 : ffff80007b0637f8 x1 : ffff000090075600 x0 : ffff00009a509d00\n[ 129.005824] Call trace:\n[ 129.005967] call_start+0x74/0x138 [sunrpc]\n[ 129.006233] __rpc_execute+0xb8/0x3e0 [sunrpc]\n[ 129.006506] rpc_execute+0x160/0x1d8 [sunrpc]\n[ 129.006778] rpc_run_task+0x148/0x1f8 [sunrpc]\n[ 129.007204] tls_probe+0x80/0xd0 [sunrpc]\n[ 129.007460] rpc_ping+0x28/0x80 [sunrpc]\n[ 129.007715] rpc_create_xprt+0x134/0x1a0 [sunrpc]\n[ 129.007999] rpc_create+0x128/0x2a0 [sunrpc]\n[ 129.008264] xs_tcp_tls_setup_socket+0xdc/0x508 [sunrpc]\n[ 129.008583] process_one_work+0x174/0x3c8\n[ 129.008813] worker_thread+0x2c8/0x3e0\n[ 129.009033] kthread+0x100/0x110\n[ 129.009225] ret_from_fork+0x10/0x20\n[ 129.009432] Code: f0ffffc2 911fe042 aa1403e1 aa1303e0 (b9401c83)"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "260333221cf0",
"version_value": "9b332c72299f"
},
{
"version_affected": "<",
"version_name": "e9f9ceb3cca1",
"version_value": "024f7744bd09"
},
{
"version_affected": "<",
"version_name": "1548036ef120",
"version_value": "8e088a20dbe3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9b332c72299f2ac284ab3d7c0301969b933e4ca1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9b332c72299f2ac284ab3d7c0301969b933e4ca1"
},
{
"url": "https://git.kernel.org/stable/c/024f7744bd09cb2a47a0a96b9c8ad08109de99cc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/024f7744bd09cb2a47a0a96b9c8ad08109de99cc"
},
{
"url": "https://git.kernel.org/stable/c/8e088a20dbe33919695a8082c0b32deb62d23b4a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e088a20dbe33919695a8082c0b32deb62d23b4a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2024/36xxx/CVE-2024-36908.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36908",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: do not WARN if iocg was already offlined\n\nIn iocg_pay_debt(), warn is triggered if 'active_list' is empty, which\nis intended to confirm iocg is active when it has debt. However, warn\ncan be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn()\nis run at that time:\n\n WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190\n Call trace:\n iocg_pay_debt+0x14c/0x190\n iocg_kick_waitq+0x438/0x4c0\n iocg_waitq_timer_fn+0xd8/0x130\n __run_hrtimer+0x144/0x45c\n __hrtimer_run_queues+0x16c/0x244\n hrtimer_interrupt+0x2cc/0x7b0\n\nThe warn in this situation is meaningless. Since this iocg is being\nremoved, the state of the 'active_list' is irrelevant, and 'waitq_timer'\nis canceled after removing 'active_list' in ioc_pd_free(), which ensures\niocg is freed after iocg_waitq_timer_fn() returns.\n\nTherefore, add the check if iocg was already offlined to avoid warn\nwhen removing a blkcg or disk."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "1c172ac7afe4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1c172ac7afe4442964f4153b2c78fe4e005d9d67",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1c172ac7afe4442964f4153b2c78fe4e005d9d67"
},
{
"url": "https://git.kernel.org/stable/c/14b3275f93d4a0d8ddc02195bc4e9869b7a3700e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/14b3275f93d4a0d8ddc02195bc4e9869b7a3700e"
},
{
"url": "https://git.kernel.org/stable/c/01bc4fda9ea0a6b52f12326486f07a4910666cf6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/01bc4fda9ea0a6b52f12326486f07a4910666cf6"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36909.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36909",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus ring buffer code could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the struct\nvmbus_gpadl for the ring buffers to decide whether to free the memory."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "2f622008bf78"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039"
},
{
"url": "https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0"
},
{
"url": "https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb"
},
{
"url": "https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36910.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36910",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus device UIO driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "dabf12bf9943"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54"
},
{
"url": "https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9"
},
{
"url": "https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23"
},
{
"url": "https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2024/36xxx/CVE-2024-36911.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36911",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe netvsc driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "a56fe6113263"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4"
},
{
"url": "https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b"
},
{
"url": "https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36912.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36912",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Track decrypted status in vmbus_gpadl\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nIn order to make sure callers of vmbus_establish_gpadl() and\nvmbus_teardown_gpadl() don't return decrypted/shared pages to\nallocators, add a field in struct vmbus_gpadl to keep track of the\ndecryption status of the buffers. This will allow the callers to\nknow if they should free or leak the pages."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "1999644d9519"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81"
},
{
"url": "https://git.kernel.org/stable/c/8e62341f5c45b27519b7d193bcc32ada416ad9d8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e62341f5c45b27519b7d193bcc32ada416ad9d8"
},
{
"url": "https://git.kernel.org/stable/c/bfae56be077ba14311509e70706a13458f87ea99",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bfae56be077ba14311509e70706a13458f87ea99"
},
{
"url": "https://git.kernel.org/stable/c/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2024/36xxx/CVE-2024-36913.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36913",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Leak pages if set_memory_encrypted() fails\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nVMBus code could free decrypted pages if set_memory_encrypted()/decrypted()\nfails. Leak the pages if this happens."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "6123a4e8e25b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6"
},
{
"url": "https://git.kernel.org/stable/c/e813a0fc2e597146e9cebea61ced9c796d4e308f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e813a0fc2e597146e9cebea61ced9c796d4e308f"
},
{
"url": "https://git.kernel.org/stable/c/03f5a999adba062456c8c818a683beb1b498983a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03f5a999adba062456c8c818a683beb1b498983a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2024/36xxx/CVE-2024-36914.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36914",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip on writeback when it's not applicable\n\n[WHY]\ndynamic memory safety error detector (KASAN) catches and generates error\nmessages \"BUG: KASAN: slab-out-of-bounds\" as writeback connector does not\nsupport certain features which are not initialized.\n\n[HOW]\nSkip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "951a498fa993"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7"
},
{
"url": "https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d"
},
{
"url": "https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

82
2024/36xxx/CVE-2024-36915.json
View File

@ -1,92 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36915",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: fix nfc_llcp_setsockopt() unsafe copies\n\nsyzbot reported unsafe calls to copy_from_sockptr() [1]\n\nUse copy_safe_from_sockptr() instead.\n\n[1]\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\nRead of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078\n\nCPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\n do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfd/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7f7fac07fd89\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89\nRDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "29dc0ea979d4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107"
},
{
"url": "https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

126
2024/36xxx/CVE-2024-36916.json
View File

@ -1,136 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36916",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg->delay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n <IRQ>\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "62accf6c1d7b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36917.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36917",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix overflow in blk_ioctl_discard()\n\nThere is no check for overflow of 'start + len' in blk_ioctl_discard().\nHung task occurs if submit an discard ioctl with the following param:\n start = 0x80000000000ff000, len = 0x8000000000fff000;\nAdd the overflow validation now."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "8a26198186e9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6"
},
{
"url": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b"
},
{
"url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee"
},
{
"url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36918.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36918",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "fa6995eeb62e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3"
},
{
"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c"
},
{
"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
},
{
"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

148
2024/36xxx/CVE-2024-36919.json
View File

@ -1,158 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36919",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload\n\nThe session resources are used by FW and driver when session is offloaded,\nonce session is uploaded these resources are not used. The lock is not\nrequired as these fields won't be used any longer. The offload and upload\ncalls are sequential, hence lock is not required.\n\nThis will suppress following BUG_ON():\n\n[ 449.843143] ------------[ cut here ]------------\n[ 449.848302] kernel BUG at mm/vmalloc.c:2727!\n[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1\nRebooting.\n[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016\n[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]\n[ 449.882910] RIP: 0010:vunmap+0x2e/0x30\n[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 <0f> 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41\n[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206\n[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005\n[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000\n[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf\n[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000\n[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0\n[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000\n[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0\n[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 449.993028] Call Trace:\n[ 449.995756] __iommu_dma_free+0x96/0x100\n[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]\n[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]\n[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]\n[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]\n[ 450.023103] process_one_work+0x1e8/0x3c0\n[ 450.027581] worker_thread+0x50/0x3b0\n[ 450.031669] ? rescuer_thread+0x370/0x370\n[ 450.036143] kthread+0x149/0x170\n[ 450.039744] ? set_kthread_struct+0x40/0x40\n[ 450.044411] ret_from_fork+0x22/0x30\n[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls\n[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler\n[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "468f3e3c1507"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36920.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36920",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the \"storcli2 show\" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n memcpy: detected field-spanning write (size 128) of single field \"bsg_reply_buf->reply_buf\" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array \"__u8\nreplay_buf[1]\" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number '1' from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "5f0266044dc6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa"
},
{
"url": "https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a"
},
{
"url": "https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716"
},
{
"url": "https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2024/36xxx/CVE-2024-36921.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36921",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: guard against invalid STA ID on removal\n\nGuard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would\nresult in out-of-bounds array accesses. This prevents issues should the\ndriver get into a bad state during error handling."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "94f80a8ec15e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294"
},
{
"url": "https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f"
},
{
"url": "https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2024/36xxx/CVE-2024-36922.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36922",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: read txq->read_ptr under lock\n\nIf we read txq->read_ptr without lock, we can read the same\nvalue twice, then obtain the lock, and reclaim from there\nto two different places, but crucially reclaim the same\nentry twice, resulting in the WARN_ONCE() a little later.\nFix that by reading txq->read_ptr under lock."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "b83db8e756de"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa"
},
{
"url": "https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89"
},
{
"url": "https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

82
2024/36xxx/CVE-2024-36923.json
View File

@ -1,92 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36923",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways)."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "1b4cb6e91f19"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd"
},
{
"url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

104
2024/36xxx/CVE-2024-36924.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36924",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock. Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "6503c3939850"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd"
},
{
"url": "https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683"
},
{
"url": "https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f"
},
{
"url": "https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36925.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36925",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y\n\nUsing restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction\nwith dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following\ncrash when initialising the restricted pools at boot-time:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n | Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n | pc : rmem_swiotlb_device_init+0xfc/0x1ec\n | lr : rmem_swiotlb_device_init+0xf0/0x1ec\n | Call trace:\n | rmem_swiotlb_device_init+0xfc/0x1ec\n | of_reserved_mem_device_init_by_idx+0x18c/0x238\n | of_dma_configure_id+0x31c/0x33c\n | platform_dma_configure+0x34/0x80\n\nfaddr2line reveals that the crash is in the list validation code:\n\n include/linux/list.h:83\n include/linux/rculist.h:79\n include/linux/rculist.h:106\n kernel/dma/swiotlb.c:306\n kernel/dma/swiotlb.c:1695\n\nbecause add_mem_pool() is trying to list_add_rcu() to a NULL\n'mem->pools'.\n\nFix the crash by initialising the 'mem->pools' list_head in\nrmem_swiotlb_device_init() before calling add_mem_pool()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1aaa736815eb",
"version_value": "f2a6b3ed20f2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f2a6b3ed20f2dea4cb645abc6a73c4595662adca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f2a6b3ed20f2dea4cb645abc6a73c4595662adca"
},
{
"url": "https://git.kernel.org/stable/c/f62e0fefcdfe2c05ccb1aa80521a69524eea9c84",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f62e0fefcdfe2c05ccb1aa80521a69524eea9c84"
},
{
"url": "https://git.kernel.org/stable/c/75961ffb5cb3e5196f19cae7683f35cc88b50800",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/75961ffb5cb3e5196f19cae7683f35cc88b50800"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36926.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36926",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: LPAR panics during boot up with a frozen PE\n\nAt the time of LPAR boot up, partition firmware provides Open Firmware\nproperty ibm,dma-window for the PE. This property is provided on the PCI\nbus the PE is attached to.\n\nThere are execptions where the partition firmware might not provide this\nproperty for the PE at the time of LPAR boot up. One of the scenario is\nwhere the firmware has frozen the PE due to some error condition. This\nPE is frozen for 24 hours or unless the whole system is reinitialized.\n\nWithin this time frame, if the LPAR is booted, the frozen PE will be\npresented to the LPAR but ibm,dma-window property could be missing.\n\nToday, under these circumstances, the LPAR oopses with NULL pointer\ndereference, when configuring the PCI bus the PE is attached to.\n\n BUG: Kernel NULL pointer dereference on read at 0x000000c8\n Faulting instruction address: 0xc0000000001024c0\n Oops: Kernel access of bad area, sig: 7 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in:\n Supported: Yes\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-150600.9-default #1\n Hardware name: IBM,9043-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_023) hv:phyp pSeries\n NIP: c0000000001024c0 LR: c0000000001024b0 CTR: c000000000102450\n REGS: c0000000037db5c0 TRAP: 0300 Not tainted (6.4.0-150600.9-default)\n MSR: 8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE> CR: 28000822 XER: 00000000\n CFAR: c00000000010254c DAR: 00000000000000c8 DSISR: 00080000 IRQMASK: 0\n ...\n NIP [c0000000001024c0] pci_dma_bus_setup_pSeriesLP+0x70/0x2a0\n LR [c0000000001024b0] pci_dma_bus_setup_pSeriesLP+0x60/0x2a0\n Call Trace:\n pci_dma_bus_setup_pSeriesLP+0x60/0x2a0 (unreliable)\n pcibios_setup_bus_self+0x1c0/0x370\n __of_scan_bus+0x2f8/0x330\n pcibios_scan_phb+0x280/0x3d0\n pcibios_init+0x88/0x12c\n do_one_initcall+0x60/0x320\n kernel_init_freeable+0x344/0x3e4\n kernel_init+0x34/0x1d0\n ret_from_kernel_user_thread+0x14/0x1c"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b1fc44eaa9ba",
"version_value": "7fb5793c53f8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4"
},
{
"url": "https://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15"
},
{
"url": "https://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155"
},
{
"url": "https://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2024/36xxx/CVE-2024-36927.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36927",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4->flowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4->fl4_icmp_type and fl4->fl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "99e5acae193e",
"version_value": "5db08343ddb1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.4",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5db08343ddb1b239320612036c398e4e1bb52818",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5db08343ddb1b239320612036c398e4e1bb52818"
},
{
"url": "https://git.kernel.org/stable/c/f5c603ad4e6fcf42f84053e882ebe20184bb309e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f5c603ad4e6fcf42f84053e882ebe20184bb309e"
},
{
"url": "https://git.kernel.org/stable/c/fc1092f51567277509563800a3c56732070b6aa4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc1092f51567277509563800a3c56732070b6aa4"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

135
2024/36xxx/CVE-2024-36928.json
View File

@ -1,145 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36928",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/qeth: Fix kernel panic after setting hsuid\n\nSymptom:\nWhen the hsuid attribute is set for the first time on an IQD Layer3\ndevice while the corresponding network interface is already UP,\nthe kernel will try to execute a napi function pointer that is NULL.\n\nExample:\n---------------------------------------------------------------------------\n[ 2057.572696] illegal operation: 0001 ilc:1 [#1] SMP\n[ 2057.572702] Modules linked in: af_iucv qeth_l3 zfcp scsi_transport_fc sunrpc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nf_tables_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink ghash_s390 prng xts aes_s390 des_s390 de\ns_generic sha3_512_s390 sha3_256_s390 sha512_s390 vfio_ccw vfio_mdev mdev vfio_iommu_type1 eadm_sch vfio ext4 mbcache jbd2 qeth_l2 bridge stp llc dasd_eckd_mod qeth dasd_mod\n qdio ccwgroup pkey zcrypt\n[ 2057.572739] CPU: 6 PID: 60182 Comm: stress_client Kdump: loaded Not tainted 4.18.0-541.el8.s390x #1\n[ 2057.572742] Hardware name: IBM 3931 A01 704 (LPAR)\n[ 2057.572744] Krnl PSW : 0704f00180000000 0000000000000002 (0x2)\n[ 2057.572748] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3\n[ 2057.572751] Krnl GPRS: 0000000000000004 0000000000000000 00000000a3b008d8 0000000000000000\n[ 2057.572754] 00000000a3b008d8 cb923a29c779abc5 0000000000000000 00000000814cfd80\n[ 2057.572756] 000000000000012c 0000000000000000 00000000a3b008d8 00000000a3b008d8\n[ 2057.572758] 00000000bab6d500 00000000814cfd80 0000000091317e46 00000000814cfc68\n[ 2057.572762] Krnl Code:#0000000000000000: 0000 illegal\n >0000000000000002: 0000 illegal\n 0000000000000004: 0000 illegal\n 0000000000000006: 0000 illegal\n 0000000000000008: 0000 illegal\n 000000000000000a: 0000 illegal\n 000000000000000c: 0000 illegal\n 000000000000000e: 0000 illegal\n[ 2057.572800] Call Trace:\n[ 2057.572801] ([<00000000ec639700>] 0xec639700)\n[ 2057.572803] [<00000000913183e2>] net_rx_action+0x2ba/0x398\n[ 2057.572809] [<0000000091515f76>] __do_softirq+0x11e/0x3a0\n[ 2057.572813] [<0000000090ce160c>] do_softirq_own_stack+0x3c/0x58\n[ 2057.572817] ([<0000000090d2cbd6>] do_softirq.part.1+0x56/0x60)\n[ 2057.572822] [<0000000090d2cc60>] __local_bh_enable_ip+0x80/0x98\n[ 2057.572825] [<0000000091314706>] __dev_queue_xmit+0x2be/0xd70\n[ 2057.572827] [<000003ff803dd6d6>] afiucv_hs_send+0x24e/0x300 [af_iucv]\n[ 2057.572830] [<000003ff803dd88a>] iucv_send_ctrl+0x102/0x138 [af_iucv]\n[ 2057.572833] [<000003ff803de72a>] iucv_sock_connect+0x37a/0x468 [af_iucv]\n[ 2057.572835] [<00000000912e7e90>] __sys_connect+0xa0/0xd8\n[ 2057.572839] [<00000000912e9580>] sys_socketcall+0x228/0x348\n[ 2057.572841] [<0000000091514e1a>] system_call+0x2a6/0x2c8\n[ 2057.572843] Last Breaking-Event-Address:\n[ 2057.572844] [<0000000091317e44>] __napi_poll+0x4c/0x1d8\n[ 2057.572846]\n[ 2057.572847] Kernel panic - not syncing: Fatal exception in interrupt\n-------------------------------------------------------------------------------------------\n\nAnalysis:\nThere is one napi structure per out_q: card->qdio.out_qs[i].napi\nThe napi.poll functions are set during qeth_open().\n\nSince\ncommit 1cfef80d4c2b (\"s390/qeth: Don't call dev_close/dev_open (DOWN/UP)\")\nqeth_set_offline()/qeth_set_online() no longer call dev_close()/\ndev_open(). So if qeth_free_qdio_queues() cleared\ncard->qdio.out_qs[i].napi.poll while the network interface was UP and the\ncard was offline, they are not set again.\n\nReproduction:\nchzdev -e $devno layer2=0\nip link set dev $network_interface up\necho 0 > /sys/bus/ccw\n---truncated---"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "64e3affee288",
"version_value": "8792b557eb50"
},
{
"version_affected": "<",
"version_name": "86818409f989",
"version_value": "10cb803aff3b"
},
{
"version_affected": "<",
"version_name": "1cfef80d4c2b",
"version_value": "e28dd1e1bf3e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.5",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524"
},
{
"url": "https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6"
},
{
"url": "https://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3"
},
{
"url": "https://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282"
},
{
"url": "https://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

136
2024/36xxx/CVE-2024-36929.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36929",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3a1296a38d0c",
"version_value": "faa83a7797f0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36930.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36930",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix null pointer dereference within spi_sync\n\nIf spi_sync() is called with the non-empty queue and the same spi_message\nis then reused, the complete callback for the message remains set while\nthe context is cleared, leading to a null pointer dereference when the\ncallback is invoked from spi_finalize_current_message().\n\nWith function inlining disabled, the call stack might look like this:\n\n _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58\n complete_with_flags from spi_complete+0x8/0xc\n spi_complete from spi_finalize_current_message+0xec/0x184\n spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474\n spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230\n __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4\n __spi_transfer_message_noqueue from __spi_sync+0x204/0x248\n __spi_sync from spi_sync+0x24/0x3c\n spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd]\n mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154\n _regmap_raw_read from _regmap_bus_read+0x44/0x70\n _regmap_bus_read from _regmap_read+0x60/0xd8\n _regmap_read from regmap_read+0x3c/0x5c\n regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd]\n mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd]\n mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x118/0x1f4\n irq_thread from kthread+0xd8/0xf4\n kthread from ret_from_fork+0x14/0x28\n\nFix this by also setting message->complete to NULL when the transfer is\ncomplete."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ae7d2346dc89",
"version_value": "e005d6754e3e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e005d6754e3e440257006795b687c4ad8733b493",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e005d6754e3e440257006795b687c4ad8733b493"
},
{
"url": "https://git.kernel.org/stable/c/a30659f1576d2c8e62e7426232bb18b885fd951a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a30659f1576d2c8e62e7426232bb18b885fd951a"
},
{
"url": "https://git.kernel.org/stable/c/2070d008cc08bff50a58f0f4d30f12d3ebf94c00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2070d008cc08bff50a58f0f4d30f12d3ebf94c00"
},
{
"url": "https://git.kernel.org/stable/c/4756fa529b2f12b7cb8f21fe229b0f6f47190829",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4756fa529b2f12b7cb8f21fe229b0f6f47190829"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2024/36xxx/CVE-2024-36931.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36931",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a lbuf-sized kernel buffer and copy lbuf from\nuserspace to that buffer. Later, we use scanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using scanf. Fix this issue by using memdup_user_nul instead."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a4f17cc72671",
"version_value": "c9d48ce16330"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5"
},
{
"url": "https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c"
},
{
"url": "https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2"
},
{
"url": "https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65"
},
{
"url": "https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36932.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36932",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/debugfs: Prevent use-after-free from occurring after cdev removal\n\nSince thermal_debug_cdev_remove() does not run under cdev->lock, it can\nrun in parallel with thermal_debug_cdev_state_update() and it may free\nthe struct thermal_debugfs object used by the latter after it has been\nchecked against NULL.\n\nIf that happens, thermal_debug_cdev_state_update() will access memory\nthat has been freed already causing the kernel to crash.\n\nAddress this by using cdev->lock in thermal_debug_cdev_remove() around\nthe cdev->debugfs value check (in case the same cdev is removed at the\nsame time in two different threads) and its reset to NULL.\n\nCc :6.8+ <stable@vger.kernel.org> # 6.8+"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "755113d76786",
"version_value": "c1279dee3336"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481"
},
{
"url": "https://git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36933.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36933",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb->network_header\n 2. save the original skb->{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb->mac_header\n 5. set up skb->mac_len and skb->protocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb->protocol\n 7. push the NSH header\n 8. restore skb->mac_header\n 9. set skb->mac_header + mac_len to skb->network_header\n 10. restore skb->mac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 & 7, skb->data points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb->data point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb->{mac_header,network_header} in 8 & 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb->mac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb->mac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let's calculate the outer header position relatively from\nthe inner header and set skb->{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c411ed854584",
"version_value": "a7c2c3c1caab"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.14",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36934.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36934",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7afc5dbde091",
"version_value": "bd502ba81cd1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36935.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36935",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count bytes\nfrom userspace to that buffer. Later, we use sscanf on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can lead\nto OOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "96a9a9341cda",
"version_value": "5ff4de981983"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92"
},
{
"url": "https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36936.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36936",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/unaccepted: touch soft lockup during memory accept\n\nCommit 50e782a86c98 (\"efi/unaccepted: Fix soft lockups caused by\nparallel memory acceptance\") has released the spinlock so other CPUs can\ndo memory acceptance in parallel and not triggers softlockup on other\nCPUs.\n\nHowever the softlock up was intermittent shown up if the memory of the\nTD guest is large, and the timeout of softlockup is set to 1 second:\n\n RIP: 0010:_raw_spin_unlock_irqrestore\n Call Trace:\n ? __hrtimer_run_queues\n <IRQ>\n ? hrtimer_interrupt\n ? watchdog_timer_fn\n ? __sysvec_apic_timer_interrupt\n ? __pfx_watchdog_timer_fn\n ? sysvec_apic_timer_interrupt\n </IRQ>\n ? __hrtimer_run_queues\n <TASK>\n ? hrtimer_interrupt\n ? asm_sysvec_apic_timer_interrupt\n ? _raw_spin_unlock_irqrestore\n ? __sysvec_apic_timer_interrupt\n ? sysvec_apic_timer_interrupt\n accept_memory\n try_to_accept_memory\n do_huge_pmd_anonymous_page\n get_page_from_freelist\n __handle_mm_fault\n __alloc_pages\n __folio_alloc\n ? __tdx_hypercall\n handle_mm_fault\n vma_alloc_folio\n do_user_addr_fault\n do_huge_pmd_anonymous_page\n exc_page_fault\n ? __do_huge_pmd_anonymous_page\n asm_exc_page_fault\n __handle_mm_fault\n\nWhen the local irq is enabled at the end of accept_memory(), the\nsoftlockup detects that the watchdog on single CPU has not been fed for\na while. That is to say, even other CPUs will not be blocked by\nspinlock, the current CPU might be stunk with local irq disabled for a\nwhile, which hurts not only nmi watchdog but also softlockup.\n\nChao Gao pointed out that the memory accept could be time costly and\nthere was similar report before. Thus to avoid any softlocup detection\nduring this stage, give the softlockup a flag to skip the timeout check\nat the end of accept_memory(), by invoking touch_softlockup_watchdog()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "50e782a86c98",
"version_value": "781e34b73601"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81"
},
{
"url": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2024/36xxx/CVE-2024-36937.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36937",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: use flags field to disambiguate broadcast redirect\n\nWhen redirecting a packet using XDP, the bpf_redirect_map() helper will set\nup the redirect destination information in struct bpf_redirect_info (using\nthe __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect()\nfunction will read this information after the XDP program returns and pass\nthe frame on to the right redirect destination.\n\nWhen using the BPF_F_BROADCAST flag to do multicast redirect to a whole\nmap, __bpf_xdp_redirect_map() sets the 'map' pointer in struct\nbpf_redirect_info to point to the destination map to be broadcast. And\nxdp_do_redirect() reacts to the value of this map pointer to decide whether\nit's dealing with a broadcast or a single-value redirect. However, if the\ndestination map is being destroyed before xdp_do_redirect() is called, the\nmap pointer will be cleared out (by bpf_clear_redirect_map()) without\nwaiting for any XDP programs to stop running. This causes xdp_do_redirect()\nto think that the redirect was to a single target, but the target pointer\nis also NULL (since broadcast redirects don't have a single target), so\nthis causes a crash when a NULL pointer is passed to dev_map_enqueue().\n\nTo fix this, change xdp_do_redirect() to react directly to the presence of\nthe BPF_F_BROADCAST flag in the 'flags' value in struct bpf_redirect_info\nto disambiguate between a single-target and a broadcast redirect. And only\nread the 'map' pointer if the broadcast flag is set, aborting if that has\nbeen cleared out in the meantime. This prevents the crash, while keeping\nthe atomic (cmpxchg-based) clearing of the map pointer itself, and without\nadding any more checks in the non-broadcast fast path."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e624d4ed4aa8",
"version_value": "12481f30128f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/12481f30128fbebc2eeb55eb2d56390fdfa30c5e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12481f30128fbebc2eeb55eb2d56390fdfa30c5e"
},
{
"url": "https://git.kernel.org/stable/c/272bfb019f3cc018f654b992115774e77b4f3ffc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/272bfb019f3cc018f654b992115774e77b4f3ffc"
},
{
"url": "https://git.kernel.org/stable/c/e22e25820fa04ea5eaac4ef7ee200e9923f466a4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e22e25820fa04ea5eaac4ef7ee200e9923f466a4"
},
{
"url": "https://git.kernel.org/stable/c/6fd81f9d333e7b3532036577b1beb74ba1323553",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6fd81f9d333e7b3532036577b1beb74ba1323553"
},
{
"url": "https://git.kernel.org/stable/c/5bcf0dcbf9066348058b88a510c57f70f384c92c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5bcf0dcbf9066348058b88a510c57f70f384c92c"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2024/36xxx/CVE-2024-36938.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36938",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue\n\nFix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which\nsyzbot reported [1].\n\n[1]\nBUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue\n\nwrite to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:\n sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]\n sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843\n sk_psock_put include/linux/skmsg.h:459 [inline]\n sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648\n unix_release+0x4b/0x80 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0x68/0x150 net/socket.c:1421\n __fput+0x2c1/0x660 fs/file_table.c:422\n __fput_sync+0x44/0x60 fs/file_table.c:507\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close+0x101/0x1b0 fs/open.c:1541\n __x64_sys_close+0x1f/0x30 fs/open.c:1541\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:\n sk_psock_data_ready include/linux/skmsg.h:464 [inline]\n sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555\n sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606\n sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]\n sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202\n unix_read_skb net/unix/af_unix.c:2546 [inline]\n unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682\n sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223\n unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x140/0x180 net/socket.c:745\n ____sys_sendmsg+0x312/0x410 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x1e9/0x280 net/socket.c:2667\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nvalue changed: 0xffffffff83d7feb0 -> 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\n\nPrior to this, commit 4cd12c6065df (\"bpf, sockmap: Fix NULL pointer\ndereference in sk_psock_verdict_data_ready()\") fixed one NULL pointer\nsimilarly due to no protection of saved_data_ready. Here is another\ndifferent caller causing the same issue because of the same reason. So\nwe should protect it with sk_callback_lock read lock because the writer\nside in the sk_psock_drop() uses \"write_lock_bh(&sk->sk_callback_lock);\".\n\nTo avoid errors that could happen in future, I move those two pairs of\nlock into the sk_psock_data_ready(), which is suggested by John Fastabend."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "604326b41a6f",
"version_value": "5965bc7535fb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
},
{
"url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
},
{
"url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
},
{
"url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
},
{
"url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

147
2024/36xxx/CVE-2024-36939.json
View File

@ -1,157 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36939",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet's handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname 'nfs'\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n </TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "b33ca18c3a11"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36940.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36940",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: core: delete incorrect free in pinctrl_enable()\n\nThe \"pctldev\" struct is allocated in devm_pinctrl_register_and_init().\nIt's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),\nso freeing it in pinctrl_enable() will lead to a double free.\n\nThe devm_pinctrl_dev_release() function frees the pindescs and destroys\nthe mutex as well."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6118714275f0",
"version_value": "735f4c6b6771"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
},
{
"url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
},
{
"url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
},
{
"url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
},
{
"url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
},
{
"url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
},
{
"url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
},
{
"url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36941.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36941",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don't free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "be29b99a9b51",
"version_value": "327382dc0f16"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

115
2024/36xxx/CVE-2024-36942.json
View File

@ -1,125 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36942",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix firmware check error path\n\nA recent commit fixed the code that parses the firmware files before\ndownloading them to the controller but introduced a memory leak in case\nthe sanity checks ever fail.\n\nMake sure to free the firmware buffer before returning on errors."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "580bcd6bf24f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9"
},
{
"url": "https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a"
},
{
"url": "https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f"
},
{
"url": "https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3"
},
{
"url": "https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36943.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36943",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan\n\nmake_uffd_wp_pte() was previously doing:\n\n pte = ptep_get(ptep);\n ptep_modify_prot_start(ptep);\n pte = pte_mkuffd_wp(pte);\n ptep_modify_prot_commit(ptep, pte);\n\nBut if another thread accessed or dirtied the pte between the first 2\ncalls, this could lead to loss of that information. Since\nptep_modify_prot_start() gets and clears atomically, the following is the\ncorrect pattern and prevents any possible race. Any access after the\nfirst call would see an invalid pte and cause a fault:\n\n pte = ptep_modify_prot_start(ptep);\n pte = pte_mkuffd_wp(pte);\n ptep_modify_prot_commit(ptep, pte);"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "52526ca7fdb9",
"version_value": "74b3d66f91d9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/74b3d66f91d9f539f99faad74d796fa9a389a015",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/74b3d66f91d9f539f99faad74d796fa9a389a015"
},
{
"url": "https://git.kernel.org/stable/c/c70dce4982ce1718bf978a35f8e26160b82081f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c70dce4982ce1718bf978a35f8e26160b82081f4"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

115
2024/36xxx/CVE-2024-36944.json
View File

@ -1,125 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36944",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nReapply \"drm/qxl: simplify qxl_fence_wait\"\n\nThis reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea.\n\nStephen Rostedt reports:\n \"I went to run my tests on my VMs and the tests hung on boot up.\n Unfortunately, the most I ever got out was:\n\n [ 93.607888] Testing event system initcall: OK\n [ 93.667730] Running tests on all trace events:\n [ 93.669757] Testing all events: OK\n [ 95.631064] ------------[ cut here ]------------\n Timed out after 60 seconds\"\n\nand further debugging points to a possible circular locking dependency\nbetween the console_owner locking and the worker pool locking.\n\nReverting the commit allows Steve's VM to boot to completion again.\n\n[ This may obviously result in the \"[TTM] Buffer eviction failed\"\n messages again, which was the reason for that original revert. But at\n this point this seems preferable to a non-booting system... ]"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "4a89ac4b0921"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4a89ac4b0921c4ea21eb1b4cf3a469a91bacfcea",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4a89ac4b0921c4ea21eb1b4cf3a469a91bacfcea"
},
{
"url": "https://git.kernel.org/stable/c/b548c53bc3ab83dc6fc86c8e840f013b2032267a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b548c53bc3ab83dc6fc86c8e840f013b2032267a"
},
{
"url": "https://git.kernel.org/stable/c/148ed8b4d64f94ab079c8f0d88c3f444db97ba97",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/148ed8b4d64f94ab079c8f0d88c3f444db97ba97"
},
{
"url": "https://git.kernel.org/stable/c/3dfe35d8683daf9ba69278643efbabe40000bbf6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3dfe35d8683daf9ba69278643efbabe40000bbf6"
},
{
"url": "https://git.kernel.org/stable/c/3628e0383dd349f02f882e612ab6184e4bb3dc10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3628e0383dd349f02f882e612ab6184e4bb3dc10"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2024/36xxx/CVE-2024-36945.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36945",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix neighbour and rtable leak in smc_ib_find_route()\n\nIn smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable\nresolved by ip_route_output_flow() are not released or put before return.\nIt may cause the refcount leak, so fix it."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e5c4744cfb59",
"version_value": "d5a466ab6e78"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.16",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff"
},
{
"url": "https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2"
},
{
"url": "https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db"
},
{
"url": "https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2024/36xxx/CVE-2024-36946.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36946",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphonet: fix rtm_phonet_notify() skb allocation\n\nfill_route() stores three components in the skb:\n\n- struct rtmsg\n- RTA_DST (u8)\n- RTA_OIF (u32)\n\nTherefore, rtm_phonet_notify() should use\n\nNLMSG_ALIGN(sizeof(struct rtmsg)) +\nnla_total_size(1) +\nnla_total_size(4)"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f062f41d0657",
"version_value": "ec1f71c05cae"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.33",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.33",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a"
},
{
"url": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7"
},
{
"url": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b"
},
{
"url": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4"
},
{
"url": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe"
},
{
"url": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00"
},
{
"url": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137"
},
{
"url": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2024/36xxx/CVE-2024-36947.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36947",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqibfs: fix dentry leak\n\nsimple_recursive_removal() drops the pinning references to all positives\nin subtree. For the cases when its argument has been kept alive by\nthe pinning alone that's exactly the right thing to do, but here\nthe argument comes from dcache lookup, that needs to be balanced by\nexplicit dput().\n\nFucked-up-by: Al Viro <viro@zeniv.linux.org.uk>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e41d23781859",
"version_value": "24dd9b08df71"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee"
},
{
"url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00"
},
{
"url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7"
},
{
"url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8"
},
{
"url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

82
2024/36xxx/CVE-2024-36948.json
View File

@ -1,92 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36948",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_migrate: Cast to output precision before multiplying operands\n\nAddressing potential overflow in result of multiplication of two lower\nprecision (u32) operands before widening it to higher precision\n(u64).\n\n-v2\nFix commit message and description. (Rodrigo)\n\n(cherry picked from commit 34820967ae7b45411f8f4f737c2d63b0c608e0d7)"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "e23a904dfeb5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05"
},
{
"url": "https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2024/36xxx/CVE-2024-36949.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36949",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: sync all devices to wait all processes being evicted\n\nIf there are more than one device doing reset in parallel, the first\ndevice will call kfd_suspend_all_processes() to evict all processes\non all devices, this call takes time to finish. other device will\nstart reset and recover without waiting. if the process has not been\nevicted before doing recover, it will be restored, then caused page\nfault."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "b6f6626528fe"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58"
},
{
"url": "https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14"
},
{
"url": "https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

102
2024/36xxx/CVE-2024-36956.json Normal file
View File

@ -0,0 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-36956",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/debugfs: Free all thermal zone debug memory on zone removal\n\nBecause thermal_debug_tz_remove() does not free all memory allocated for\nthermal zone diagnostics, some of that memory becomes unreachable after\nfreeing the thermal zone's struct thermal_debugfs object.\n\nAddress this by making thermal_debug_tz_remove() free all of the memory\nin question.\n\nCc :6.8+ <stable@vger.kernel.org> # 6.8+"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7ef01f228c9f",
"version_value": "f51564e4b399"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f51564e4b3992b53df79460ed5781a5330b5b1d5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f51564e4b3992b53df79460ed5781a5330b5b1d5"
},
{
"url": "https://git.kernel.org/stable/c/72c1afffa4c645fe0e0f1c03e5f34395ed65b5f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72c1afffa4c645fe0e0f1c03e5f34395ed65b5f4"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

141
2024/36xxx/CVE-2024-36957.json
View File

@ -1,18 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: avoid off-by-one read from userspace\n\nWe try to access count + 1 byte from userspace with memdup_user(buffer,\ncount + 1). However, the userspace only provides buffer of count bytes and\nonly these count bytes are verified to be okay to access. To ensure the\ncopied buffer is NUL terminated, we use memdup_user_nul instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "dae49384d0d7",
"version_value": "bcdac70adceb"
},
{
"version_affected": "<",
"version_name": "3a2eb515d136",
"version_value": "ec697fbd38cb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2024/36xxx/CVE-2024-36958.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix nfsd4_encode_fattr4() crasher\n\nEnsure that args.acl is initialized early. It is used in an\nunconditional call to kfree() on the way out of\nnfsd4_encode_fattr4()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "83ab8678ad0c",
"version_value": "6a7b07689af6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bc"
},
{
"url": "https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

178
2024/36xxx/CVE-2024-36959.json
View File

@ -1,18 +1,188 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36959",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()\n\nIf we fail to allocate propname buffer, we need to drop the reference\ncount we just took. Because the pinctrl_dt_free_maps() includes the\ndroping operation, here we call it directly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a988dcd3dd9e",
"version_value": "06780473cb8a"
},
{
"version_affected": "<",
"version_name": "040f726fecd8",
"version_value": "47d253c48549"
},
{
"version_affected": "<",
"version_name": "777430aa4ddc",
"version_value": "35ab679e8bb5"
},
{
"version_affected": "<",
"version_name": "97e5b508e961",
"version_value": "76aa2440deb9"
},
{
"version_affected": "<",
"version_name": "91d5c5060ee2",
"version_value": "518d5ddafeb0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.1",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1"
},
{
"url": "https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f"
},
{
"url": "https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274"
},
{
"url": "https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d"
},
{
"url": "https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6"
},
{
"url": "https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec"
},
{
"url": "https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049"
},
{
"url": "https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

110
2024/3xxx/CVE-2024-3300.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3300",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "3DS.Information-Security@3ds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dassault Syst\u00e8mes",
"product": {
"product_data": [
{
"product_name": "DELMIA Apriso",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Release 2019 Golden",
"version_value": "Release 2019 SP5"
},
{
"version_affected": "<=",
"version_name": "Release 2020 Golden",
"version_value": "Release 2020 SP4"
},
{
"version_affected": "<=",
"version_name": "Release 2021 Golden",
"version_value": "Release 2021 SP3"
},
{
"version_affected": "<=",
"version_name": "Release 2022 Golden",
"version_value": "Release 2022 SP3"
},
{
"version_affected": "<=",
"version_name": "Release 2023 Golden",
"version_value": "Release 2023 SP2"
},
{
"version_affected": "<=",
"version_name": "Release 2024 Golden",
"version_value": "Release 2024 SP1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"refsource": "MISC",
"name": "https://www.3ds.com/vulnerability/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "CRITICAL",
"baseScore": 9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
]
}

110
2024/3xxx/CVE-2024-3301.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "3DS.Information-Security@3ds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dassault Syst\u00e8mes",
"product": {
"product_data": [
{
"product_name": "DELMIA Apriso",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Release 2019 Golden",
"version_value": "Release 2019 SP5"
},
{
"version_affected": "<=",
"version_name": "Release 2020 Golden",
"version_value": "Release 2020 SP4"
},
{
"version_affected": "<=",
"version_name": "Release 2021 Golden",
"version_value": "Release 2021 SP3"
},
{
"version_affected": "<=",
"version_name": "Release 2022 Golden",
"version_value": "Release 2022 SP3"
},
{
"version_affected": "<=",
"version_name": "Release 2023 Golden",
"version_value": "Release 2023 SP2"
},
{
"version_affected": "<=",
"version_name": "Release 2024 Golden",
"version_value": "Release 2024 SP1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"refsource": "MISC",
"name": "https://www.3ds.com/vulnerability/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"baseScore": 8.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
}
]
}

100
2024/5xxx/CVE-2024-5519.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266590 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In ItsourceCode Learning Management System Project In PHP 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei login.php. Mittels dem Manipulieren des Arguments user_email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ItsourceCode",
"product": {
"product_data": [
{
"product_name": "Learning Management System Project In PHP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.266590",
"refsource": "MISC",
"name": "https://vuldb.com/?id.266590"
},
{
"url": "https://vuldb.com/?ctiid.266590",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.266590"
},
{
"url": "https://vuldb.com/?submit.346310",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.346310"
},
{
"url": "https://github.com/L1OudFd8cl09/CVE/issues/2",
"refsource": "MISC",
"name": "https://github.com/L1OudFd8cl09/CVE/issues/2"
}
]
},
"credits": [
{
"lang": "en",
"value": "N3xu5Cr4ck37 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

18
2024/5xxx/CVE-2024-5534.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}