diff --git a/2024/35xxx/CVE-2024-35795.json b/2024/35xxx/CVE-2024-35795.json index 0e470a07006..e2c00957eff 100644 --- a/2024/35xxx/CVE-2024-35795.json +++ b/2024/35xxx/CVE-2024-35795.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix deadlock while reading mqd from debugfs\n\nAn errant disk backup on my desktop got into debugfs and triggered the\nfollowing deadlock scenario in the amdgpu debugfs files. The machine\nalso hard-resets immediately after those lines are printed (although I\nwasn't able to reproduce that part when reading by hand):\n\n[ 1318.016074][ T1082] ======================================================\n[ 1318.016607][ T1082] WARNING: possible circular locking dependency detected\n[ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted\n[ 1318.017598][ T1082] ------------------------------------------------------\n[ 1318.018096][ T1082] tar/1082 is trying to acquire lock:\n[ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80\n[ 1318.019084][ T1082]\n[ 1318.019084][ T1082] but task is already holding lock:\n[ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]\n[ 1318.020607][ T1082]\n[ 1318.020607][ T1082] which lock already depends on the new lock.\n[ 1318.020607][ T1082]\n[ 1318.022081][ T1082]\n[ 1318.022081][ T1082] the existing dependency chain (in reverse order) is:\n[ 1318.023083][ T1082]\n[ 1318.023083][ T1082] -> #2 (reservation_ww_class_mutex){+.+.}-{3:3}:\n[ 1318.024114][ T1082] __ww_mutex_lock.constprop.0+0xe0/0x12f0\n[ 1318.024639][ T1082] ww_mutex_lock+0x32/0x90\n[ 1318.025161][ T1082] dma_resv_lockdep+0x18a/0x330\n[ 1318.025683][ T1082] do_one_initcall+0x6a/0x350\n[ 1318.026210][ T1082] kernel_init_freeable+0x1a3/0x310\n[ 1318.026728][ T1082] kernel_init+0x15/0x1a0\n[ 1318.027242][ T1082] ret_from_fork+0x2c/0x40\n[ 1318.027759][ T1082] ret_from_fork_asm+0x11/0x20\n[ 1318.028281][ T1082]\n[ 1318.028281][ T1082] -> #1 (reservation_ww_class_acquire){+.+.}-{0:0}:\n[ 1318.029297][ T1082] dma_resv_lockdep+0x16c/0x330\n[ 1318.029790][ T1082] do_one_initcall+0x6a/0x350\n[ 1318.030263][ T1082] kernel_init_freeable+0x1a3/0x310\n[ 1318.030722][ T1082] kernel_init+0x15/0x1a0\n[ 1318.031168][ T1082] ret_from_fork+0x2c/0x40\n[ 1318.031598][ T1082] ret_from_fork_asm+0x11/0x20\n[ 1318.032011][ T1082]\n[ 1318.032011][ T1082] -> #0 (&mm->mmap_lock){++++}-{3:3}:\n[ 1318.032778][ T1082] __lock_acquire+0x14bf/0x2680\n[ 1318.033141][ T1082] lock_acquire+0xcd/0x2c0\n[ 1318.033487][ T1082] __might_fault+0x58/0x80\n[ 1318.033814][ T1082] amdgpu_debugfs_mqd_read+0x103/0x250 [amdgpu]\n[ 1318.034181][ T1082] full_proxy_read+0x55/0x80\n[ 1318.034487][ T1082] vfs_read+0xa7/0x360\n[ 1318.034788][ T1082] ksys_read+0x70/0xf0\n[ 1318.035085][ T1082] do_syscall_64+0x94/0x180\n[ 1318.035375][ T1082] entry_SYSCALL_64_after_hwframe+0x46/0x4e\n[ 1318.035664][ T1082]\n[ 1318.035664][ T1082] other info that might help us debug this:\n[ 1318.035664][ T1082]\n[ 1318.036487][ T1082] Chain exists of:\n[ 1318.036487][ T1082] &mm->mmap_lock --> reservation_ww_class_acquire --> reservation_ww_class_mutex\n[ 1318.036487][ T1082]\n[ 1318.037310][ T1082] Possible unsafe locking scenario:\n[ 1318.037310][ T1082]\n[ 1318.037838][ T1082] CPU0 CPU1\n[ 1318.038101][ T1082] ---- ----\n[ 1318.038350][ T1082] lock(reservation_ww_class_mutex);\n[ 1318.038590][ T1082] lock(reservation_ww_class_acquire);\n[ 1318.038839][ T1082] lock(reservation_ww_class_mutex);\n[ 1318.039083][ T1082] rlock(&mm->mmap_lock);\n[ 1318.039328][ T1082]\n[ 1318.039328][ T1082] *** DEADLOCK ***\n[ 1318.039328][ T1082]\n[ 1318.040029][ T1082] 1 lock held by tar/1082:\n[ 1318.040259][ T1082] #0: ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]\n[ 1318.040560][ T1082]\n[ 1318.040560][ T1082] stack backtrace:\n[\n---truncated---" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "445d85e3c1df", + "version_value": "197f6d6987c5" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/197f6d6987c55860f6eea1c93e4f800c59078874", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/197f6d6987c55860f6eea1c93e4f800c59078874" + }, + { + "url": "https://git.kernel.org/stable/c/8b03556da6e576c62664b6cd01809e4a09d53b5b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8b03556da6e576c62664b6cd01809e4a09d53b5b" + }, + { + "url": "https://git.kernel.org/stable/c/4687e3c6ee877ee25e57b984eca00be53b9a8db5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4687e3c6ee877ee25e57b984eca00be53b9a8db5" + }, + { + "url": "https://git.kernel.org/stable/c/8678b1060ae2b75feb60b87e5b75e17374e3c1c5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8678b1060ae2b75feb60b87e5b75e17374e3c1c5" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35796.json b/2024/35xxx/CVE-2024-35796.json index 31c72ed1015..8c9d89f2d96 100644 --- a/2024/35xxx/CVE-2024-35796.json +++ b/2024/35xxx/CVE-2024-35796.json @@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ll_temac: platform_get_resource replaced by wrong function\n\nThe function platform_get_resource was replaced with\ndevm_platform_ioremap_resource_byname and is called using 0 as name.\n\nThis eventually ends up in platform_get_resource_byname in the call\nstack, where it causes a null pointer in strcmp.\n\n\tif (type == resource_type(r) && !strcmp(r->name, name))\n\nIt should have been replaced with devm_platform_ioremap_resource." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "bd69058f50d5", + "version_value": "6d9395ba7f85" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.9", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.9", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48" + }, + { + "url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e" + }, + { + "url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3" + }, + { + "url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a" + }, + { + "url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8" + }, + { + "url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1" + }, + { + "url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35797.json b/2024/35xxx/CVE-2024-35797.json index a6838fa9ab4..f60ac8e1ce3 100644 --- a/2024/35xxx/CVE-2024-35797.json +++ b/2024/35xxx/CVE-2024-35797.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35797", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: cachestat: fix two shmem bugs\n\nWhen cachestat on shmem races with swapping and invalidation, there\nare two possible bugs:\n\n1) A swapin error can have resulted in a poisoned swap entry in the\n shmem inode's xarray. Calling get_shadow_from_swap_cache() on it\n will result in an out-of-bounds access to swapper_spaces[].\n\n Validate the entry with non_swap_entry() before going further.\n\n2) When we find a valid swap entry in the shmem's inode, the shadow\n entry in the swapcache might not exist yet: swap IO is still in\n progress and we're before __remove_mapping; swapin, invalidation,\n or swapoff have removed the shadow from swapcache after we saw the\n shmem swap entry.\n\n This will send a NULL to workingset_test_recent(). The latter\n purely operates on pointer bits, so it won't crash - node 0, memcg\n ID 0, eviction timestamp 0, etc. are all valid inputs - but it's a\n bogus test. In theory that could result in a false \"recently\n evicted\" count.\n\n Such a false positive wouldn't be the end of the world. But for\n code clarity and (future) robustness, be explicit about this case.\n\n Bail on get_shadow_from_swap_cache() returning NULL." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "cf264e1329fb", + "version_value": "b79f9e1ff27c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b79f9e1ff27c994a4c452235ba09e672ec698e23", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b79f9e1ff27c994a4c452235ba09e672ec698e23" + }, + { + "url": "https://git.kernel.org/stable/c/d962f6c583458037dc7e529659b2b02b9dd3d94b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d962f6c583458037dc7e529659b2b02b9dd3d94b" + }, + { + "url": "https://git.kernel.org/stable/c/24a0e73d544439bb9329fbbafac44299e548a677", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/24a0e73d544439bb9329fbbafac44299e548a677" + }, + { + "url": "https://git.kernel.org/stable/c/d5d39c707a4cf0bcc84680178677b97aa2cb2627", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d5d39c707a4cf0bcc84680178677b97aa2cb2627" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35798.json b/2024/35xxx/CVE-2024-35798.json index f729db3cad8..b092627cb7a 100644 --- a/2024/35xxx/CVE-2024-35798.json +++ b/2024/35xxx/CVE-2024-35798.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race in read_extent_buffer_pages()\n\nThere are reports from tree-checker that detects corrupted nodes,\nwithout any obvious pattern so possibly an overwrite in memory.\nAfter some debugging it turns out there's a race when reading an extent\nbuffer the uptodate status can be missed.\n\nTo prevent concurrent reads for the same extent buffer,\nread_extent_buffer_pages() performs these checks:\n\n /* (1) */\n if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags))\n return 0;\n\n /* (2) */\n if (test_and_set_bit(EXTENT_BUFFER_READING, &eb->bflags))\n goto done;\n\nAt this point, it seems safe to start the actual read operation. Once\nthat completes, end_bbio_meta_read() does\n\n /* (3) */\n set_extent_buffer_uptodate(eb);\n\n /* (4) */\n clear_bit(EXTENT_BUFFER_READING, &eb->bflags);\n\nNormally, this is enough to ensure only one read happens, and all other\ncallers wait for it to finish before returning. Unfortunately, there is\na racey interleaving:\n\n Thread A | Thread B | Thread C\n ---------+----------+---------\n (1) | |\n | (1) |\n (2) | |\n (3) | |\n (4) | |\n | (2) |\n | | (1)\n\nWhen this happens, thread B kicks of an unnecessary read. Worse, thread\nC will see UPTODATE set and return immediately, while the read from\nthread B is still in progress. This race could result in tree-checker\nerrors like this as the extent buffer is concurrently modified:\n\n BTRFS critical (device dm-0): corrupted node, root=256\n block=8550954455682405139 owner mismatch, have 11858205567642294356\n expect [256, 18446744073709551360]\n\nFix it by testing UPTODATE again after setting the READING bit, and if\nit's been set, skip the unnecessary read.\n\n[ minor update of changelog ]" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d7172f52e993", + "version_value": "0427c8ef8bbb" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/0427c8ef8bbb7f304de42ef51d69c960e165e052", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0427c8ef8bbb7f304de42ef51d69c960e165e052" + }, + { + "url": "https://git.kernel.org/stable/c/3a25878a3378adce5d846300c9570f15aa7f7a80", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3a25878a3378adce5d846300c9570f15aa7f7a80" + }, + { + "url": "https://git.kernel.org/stable/c/2885d54af2c2e1d910e20d5c8045bae40e02fbc1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2885d54af2c2e1d910e20d5c8045bae40e02fbc1" + }, + { + "url": "https://git.kernel.org/stable/c/ef1e68236b9153c27cb7cf29ead0c532870d4215", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ef1e68236b9153c27cb7cf29ead0c532870d4215" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35799.json b/2024/35xxx/CVE-2024-35799.json index 669e05a08bb..0c2ac3777fa 100644 --- a/2024/35xxx/CVE-2024-35799.json +++ b/2024/35xxx/CVE-2024-35799.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent crash when disable stream\n\n[Why]\nDisabling stream encoder invokes a function that no longer exists.\n\n[How]\nCheck if the function declaration is NULL in disable stream encoder." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "4356a2c3f296" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.6.26", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4356a2c3f296503c8b420ae8adece053960a9f06", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4356a2c3f296503c8b420ae8adece053960a9f06" + }, + { + "url": "https://git.kernel.org/stable/c/59772327d439874095516673b4b30c48bd83ca38", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/59772327d439874095516673b4b30c48bd83ca38" + }, + { + "url": "https://git.kernel.org/stable/c/2b17133a0a2e0e111803124dad09e803718d4a48", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b17133a0a2e0e111803124dad09e803718d4a48" + }, + { + "url": "https://git.kernel.org/stable/c/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35800.json b/2024/35xxx/CVE-2024-35800.json index d85bf606232..7814d009cc3 100644 --- a/2024/35xxx/CVE-2024-35800.json +++ b/2024/35xxx/CVE-2024-35800.json @@ -1,18 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "a8901f331b8b", + "version_value": "b9d103aca85f" + }, + { + "version_affected": "<", + "version_name": "bad267f9e18f", + "version_value": "9114ba998750" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.3", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.3", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4" + }, + { + "url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde" + }, + { + "url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff" + }, + { + "url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210" + }, + { + "url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35801.json b/2024/35xxx/CVE-2024-35801.json index 8c9a8ba7bea..798609f32b5 100644 --- a/2024/35xxx/CVE-2024-35801.json +++ b/2024/35xxx/CVE-2024-35801.json @@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Keep xfd_state in sync with MSR_IA32_XFD\n\nCommit 672365477ae8 (\"x86/fpu: Update XFD state where required\") and\ncommit 8bf26758ca96 (\"x86/fpu: Add XFD state to fpstate\") introduced a\nper CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in\norder to avoid unnecessary writes to the MSR.\n\nOn CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which\nwipes out any stale state. But the per CPU cached xfd value is not\nreset, which brings them out of sync.\n\nAs a consequence a subsequent xfd_update_state() might fail to update\nthe MSR which in turn can result in XRSTOR raising a #NM in kernel\nspace, which crashes the kernel.\n\nTo fix this, introduce xfd_set_state() to write xfd_state together\nwith MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "672365477ae8", + "version_value": "21c7c00dae55" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.16", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.16", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d" + }, + { + "url": "https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd" + }, + { + "url": "https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8" + }, + { + "url": "https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624" + }, + { + "url": "https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35802.json b/2024/35xxx/CVE-2024-35802.json index b632be44504..df09f7b622c 100644 --- a/2024/35xxx/CVE-2024-35802.json +++ b/2024/35xxx/CVE-2024-35802.json @@ -1,18 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Fix position dependent variable references in startup code\n\nThe early startup code executes from a 1:1 mapping of memory, which\ndiffers from the mapping that the code was linked and/or relocated to\nrun at. The latter mapping is not active yet at this point, and so\nsymbol references that rely on it will fault.\n\nGiven that the core kernel is built without -fPIC, symbol references are\ntypically emitted as absolute, and so any such references occuring in\nthe early startup code will therefore crash the kernel.\n\nWhile an attempt was made to work around this for the early SEV/SME\nstartup code, by forcing RIP-relative addressing for certain global\nSEV/SME variables via inline assembly (see snp_cpuid_get_table() for\nexample), RIP-relative addressing must be pervasively enforced for\nSEV/SME global variables when accessed prior to page table fixups.\n\n__startup_64() already handles this issue for select non-SEV/SME global\nvariables using fixup_pointer(), which adjusts the pointer relative to a\n`physaddr` argument. To avoid having to pass around this `physaddr`\nargument across all functions needing to apply pointer fixups, introduce\na macro RIP_RELATIVE_REF() which generates a RIP-relative reference to\na given global variable. It is used where necessary to force\nRIP-relative accesses to global variables.\n\nFor backporting purposes, this patch makes no attempt at cleaning up\nother occurrences of this pattern, involving either inline asm or\nfixup_pointer(). Those will be addressed later.\n\n [ bp: Call it \"rip_rel_ref\" everywhere like other code shortens\n \"rIP-relative reference\" and make the asm wrapper __always_inline. ]" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "fe272b61506b" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/fe272b61506bb1534922ef07aa165fd3c37a6a90", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fe272b61506bb1534922ef07aa165fd3c37a6a90" + }, + { + "url": "https://git.kernel.org/stable/c/0982fd6bf0b822876f2e93ec782c4c28a3f85535", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0982fd6bf0b822876f2e93ec782c4c28a3f85535" + }, + { + "url": "https://git.kernel.org/stable/c/66fa3fcb474b2b892fe42d455a6f7ec5aaa98fb9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/66fa3fcb474b2b892fe42d455a6f7ec5aaa98fb9" + }, + { + "url": "https://git.kernel.org/stable/c/954a4a87814465ad61cc97c1cd3de1525baaaf07", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/954a4a87814465ad61cc97c1cd3de1525baaaf07" + }, + { + "url": "https://git.kernel.org/stable/c/1c811d403afd73f04bde82b83b24c754011bd0e8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1c811d403afd73f04bde82b83b24c754011bd0e8" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35803.json b/2024/35xxx/CVE-2024-35803.json index 0c565ca45e0..7a7da4097cb 100644 --- a/2024/35xxx/CVE-2024-35803.json +++ b/2024/35xxx/CVE-2024-35803.json @@ -1,18 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efistub: Call mixed mode boot services on the firmware's stack\n\nNormally, the EFI stub calls into the EFI boot services using the stack\nthat was live when the stub was entered. According to the UEFI spec,\nthis stack needs to be at least 128k in size - this might seem large but\nall asynchronous processing and event handling in EFI runs from the same\nstack and so quite a lot of space may be used in practice.\n\nIn mixed mode, the situation is a bit different: the bootloader calls\nthe 32-bit EFI stub entry point, which calls the decompressor's 32-bit\nentry point, where the boot stack is set up, using a fixed allocation\nof 16k. This stack is still in use when the EFI stub is started in\n64-bit mode, and so all calls back into the EFI firmware will be using\nthe decompressor's limited boot stack.\n\nDue to the placement of the boot stack right after the boot heap, any\nstack overruns have gone unnoticed. However, commit\n\n 5c4feadb0011983b (\"x86/decompressor: Move global symbol references to C code\")\n\nmoved the definition of the boot heap into C code, and now the boot\nstack is placed right at the base of BSS, where any overruns will\ncorrupt the end of the .data section.\n\nWhile it would be possible to work around this by increasing the size of\nthe boot stack, doing so would affect all x86 systems, and mixed mode\nsystems are a tiny (and shrinking) fraction of the x86 installed base.\n\nSo instead, record the firmware stack pointer value when entering from\nthe 32-bit firmware, and switch to this stack every time a EFI boot\nservice call is made." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "2149f8a56e2e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/2149f8a56e2ed345c7a4d022a79f6b8fc53ae926", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2149f8a56e2ed345c7a4d022a79f6b8fc53ae926" + }, + { + "url": "https://git.kernel.org/stable/c/930775060ca348b8665f60eef14b204172d14f31", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/930775060ca348b8665f60eef14b204172d14f31" + }, + { + "url": "https://git.kernel.org/stable/c/fba7ee7187581b5bc222003e73e2592b398bb06d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fba7ee7187581b5bc222003e73e2592b398bb06d" + }, + { + "url": "https://git.kernel.org/stable/c/725351c036452b7db5771a7bed783564bc4b99cc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/725351c036452b7db5771a7bed783564bc4b99cc" + }, + { + "url": "https://git.kernel.org/stable/c/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35804.json b/2024/35xxx/CVE-2024-35804.json index cfb7541703f..e4f398434f0 100644 --- a/2024/35xxx/CVE-2024-35804.json +++ b/2024/35xxx/CVE-2024-35804.json @@ -1,18 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Mark target gfn of emulated atomic instruction as dirty\n\nWhen emulating an atomic access on behalf of the guest, mark the target\ngfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This\nfixes a bug where KVM effectively corrupts guest memory during live\nmigration by writing to guest memory without informing userspace that the\npage is dirty.\n\nMarking the page dirty got unintentionally dropped when KVM's emulated\nCMPXCHG was converted to do a user access. Before that, KVM explicitly\nmapped the guest page into kernel memory, and marked the page dirty during\nthe unmap phase.\n\nMark the page dirty even if the CMPXCHG fails, as the old data is written\nback on failure, i.e. the page is still written. The value written is\nguaranteed to be the same because the operation is atomic, but KVM's ABI\nis that all writes are dirty logged regardless of the value written. And\nmore importantly, that's what KVM did before the buggy commit.\n\nHuge kudos to the folks on the Cc list (and many others), who did all the\nactual work of triaging and debugging.\n\nbase-commit: 6769ea8da8a93ed4630f1ce64df6aafcaabfce64" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d97c0667c1e6", + "version_value": "a9bd6bb6f02b" + }, + { + "version_affected": "<", + "version_name": "1c2361f667f3", + "version_value": "726374dde5d6" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/a9bd6bb6f02bf7132c1ab192ba62bbfa52df7d66", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a9bd6bb6f02bf7132c1ab192ba62bbfa52df7d66" + }, + { + "url": "https://git.kernel.org/stable/c/726374dde5d608b15b9756bd52b6fc283fda7a06", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/726374dde5d608b15b9756bd52b6fc283fda7a06" + }, + { + "url": "https://git.kernel.org/stable/c/9d1b22e573a3789ed1f32033ee709106993ba551", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9d1b22e573a3789ed1f32033ee709106993ba551" + }, + { + "url": "https://git.kernel.org/stable/c/225d587a073584946c05c9b7651d637bd45c0c71", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/225d587a073584946c05c9b7651d637bd45c0c71" + }, + { + "url": "https://git.kernel.org/stable/c/910c57dfa4d113aae6571c2a8b9ae8c430975902", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/910c57dfa4d113aae6571c2a8b9ae8c430975902" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35805.json b/2024/35xxx/CVE-2024-35805.json index dc4d0d9a6a3..658c1cfb5c1 100644 --- a/2024/35xxx/CVE-2024-35805.json +++ b/2024/35xxx/CVE-2024-35805.json @@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm snapshot: fix lockup in dm_exception_table_exit\n\nThere was reported lockup when we exit a snapshot with many exceptions.\nFix this by adding \"cond_resched\" to the loop that frees the exceptions." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "e7d4cff57c3c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e" + }, + { + "url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c" + }, + { + "url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7" + }, + { + "url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1" + }, + { + "url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2" + }, + { + "url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366" + }, + { + "url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683" + }, + { + "url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35806.json b/2024/35xxx/CVE-2024-35806.json index bcf14054119..255172cc60e 100644 --- a/2024/35xxx/CVE-2024-35806.json +++ b/2024/35xxx/CVE-2024-35806.json @@ -1,18 +1,179 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Always disable interrupts when taking cgr_lock\n\nsmp_call_function_single disables IRQs when executing the callback. To\nprevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.\nThis is already done by qman_update_cgr and qman_delete_cgr; fix the\nother lockers." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "96f413f47677", + "version_value": "b56a793f2676" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.16", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.16", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b56a793f267679945d1fdb9a280013bd2d0ed7f9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b56a793f267679945d1fdb9a280013bd2d0ed7f9" + }, + { + "url": "https://git.kernel.org/stable/c/62c3ecd2833cff0eff4a82af4082c44ca8d2518a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/62c3ecd2833cff0eff4a82af4082c44ca8d2518a" + }, + { + "url": "https://git.kernel.org/stable/c/dd199e5b759ffe349622a4b8fbcafc51fc51b1ec", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/dd199e5b759ffe349622a4b8fbcafc51fc51b1ec" + }, + { + "url": "https://git.kernel.org/stable/c/e6378314bb920acb39013051fa65d8f9f8030430", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e6378314bb920acb39013051fa65d8f9f8030430" + }, + { + "url": "https://git.kernel.org/stable/c/a62168653774c36398d65846a98034436ee66d03", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a62168653774c36398d65846a98034436ee66d03" + }, + { + "url": "https://git.kernel.org/stable/c/0e6521b0f93ff350434ed4ae61a250907e65d397", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0e6521b0f93ff350434ed4ae61a250907e65d397" + }, + { + "url": "https://git.kernel.org/stable/c/276af8efb05c8e47acf2738a5609dd72acfc703f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/276af8efb05c8e47acf2738a5609dd72acfc703f" + }, + { + "url": "https://git.kernel.org/stable/c/af25c5180b2b1796342798f6c56fcfd12f5035bd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/af25c5180b2b1796342798f6c56fcfd12f5035bd" + }, + { + "url": "https://git.kernel.org/stable/c/584c2a9184a33a40fceee838f856de3cffa19be3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/584c2a9184a33a40fceee838f856de3cffa19be3" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35807.json b/2024/35xxx/CVE-2024-35807.json index 8e2f9f4ca03..3b6ccc24049 100644 --- a/2024/35xxx/CVE-2024-35807.json +++ b/2024/35xxx/CVE-2024-35807.json @@ -1,18 +1,179 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix corruption during on-line resize\n\nWe observed a corruption during on-line resize of a file system that is\nlarger than 16 TiB with 4k block size. With having more then 2^32 blocks\nresize_inode is turned off by default by mke2fs. The issue can be\nreproduced on a smaller file system for convenience by explicitly\nturning off resize_inode. An on-line resize across an 8 GiB boundary (the\nsize of a meta block group in this setup) then leads to a corruption:\n\n dev=/dev/ # should be >= 16 GiB\n mkdir -p /corruption\n /sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))\n mount -t ext4 $dev /corruption\n\n dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))\n sha1sum /corruption/test\n # 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test\n\n /sbin/resize2fs $dev $((2*2**21))\n # drop page cache to force reload the block from disk\n echo 1 > /proc/sys/vm/drop_caches\n\n sha1sum /corruption/test\n # 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test\n\n2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per\nblock group and 2^6 are the number of block groups that make a meta\nblock group.\n\nThe last checksum might be different depending on how the file is laid\nout across the physical blocks. The actual corruption occurs at physical\nblock 63*2^15 = 2064384 which would be the location of the backup of the\nmeta block group's block descriptor. During the on-line resize the file\nsystem will be converted to meta_bg starting at s_first_meta_bg which is\n2 in the example - meaning all block groups after 16 GiB. However, in\next4_flex_group_add we might add block groups that are not part of the\nfirst meta block group yet. In the reproducer we achieved this by\nsubstracting the size of a whole block group from the point where the\nmeta block group would start. This must be considered when updating the\nbackup block group descriptors to follow the non-meta_bg layout. The fix\nis to add a test whether the group to add is already part of the meta\nblock group or not." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "01f795f9e0d6", + "version_value": "75cc31c2e719" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1" + }, + { + "url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c" + }, + { + "url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a" + }, + { + "url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6" + }, + { + "url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df" + }, + { + "url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5" + }, + { + "url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c" + }, + { + "url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd" + }, + { + "url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35808.json b/2024/35xxx/CVE-2024-35808.json index 210074f7a08..8c849367b21 100644 --- a/2024/35xxx/CVE-2024-35808.json +++ b/2024/35xxx/CVE-2024-35808.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don't call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding 'reconfig_mutex', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n'reconfig_mutex'.\n\nHowever, hold 'reconfig_mutex' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b (\"md: refactor\nidle/frozen_sync_thread() to fix deadlock\").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "be83651f0050", + "version_value": "347dcdc15a17" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.10", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc" + }, + { + "url": "https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669" + }, + { + "url": "https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35809.json b/2024/35xxx/CVE-2024-35809.json index 438d23b4e34..440fae2172b 100644 --- a/2024/35xxx/CVE-2024-35809.json +++ b/2024/35xxx/CVE-2024-35809.json @@ -1,18 +1,169 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/PM: Drain runtime-idle callbacks before driver removal\n\nA race condition between the .runtime_idle() callback and the .remove()\ncallback in the rtsx_pcr PCI driver leads to a kernel crash due to an\nunhandled page fault [1].\n\nThe problem is that rtsx_pci_runtime_idle() is not expected to be running\nafter pm_runtime_get_sync() has been called, but the latter doesn't really\nguarantee that. It only guarantees that the suspend and resume callbacks\nwill not be running when it returns.\n\nHowever, if a .runtime_idle() callback is already running when\npm_runtime_get_sync() is called, the latter will notice that the runtime PM\nstatus of the device is RPM_ACTIVE and it will return right away without\nwaiting for the former to complete. In fact, it cannot wait for\n.runtime_idle() to complete because it may be called from that callback (it\narguably does not make much sense to do that, but it is not strictly\nprohibited).\n\nThus in general, whoever is providing a .runtime_idle() callback needs\nto protect it from running in parallel with whatever code runs after\npm_runtime_get_sync(). [Note that .runtime_idle() will not start after\npm_runtime_get_sync() has returned, but it may continue running then if it\nhas started earlier.]\n\nOne way to address that race condition is to call pm_runtime_barrier()\nafter pm_runtime_get_sync() (not before it, because a nonzero value of the\nruntime PM usage counter is necessary to prevent runtime PM callbacks from\nbeing invoked) to wait for the .runtime_idle() callback to complete should\nit be running at that point. A suitable place for doing that is in\npci_device_remove() which calls pm_runtime_get_sync() before removing the\ndriver, so it may as well call pm_runtime_barrier() subsequently, which\nwill prevent the race in question from occurring, not just in the rtsx_pcr\ndriver, but in any PCI drivers providing .runtime_idle() callbacks." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "9a87375bb586" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/9a87375bb586515c0af63d5dcdcd58ec4acf20a6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9a87375bb586515c0af63d5dcdcd58ec4acf20a6" + }, + { + "url": "https://git.kernel.org/stable/c/47d8aafcfe313511a98f165a54d0adceb34e54b1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/47d8aafcfe313511a98f165a54d0adceb34e54b1" + }, + { + "url": "https://git.kernel.org/stable/c/bbe068b24409ef740657215605284fc7cdddd491", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bbe068b24409ef740657215605284fc7cdddd491" + }, + { + "url": "https://git.kernel.org/stable/c/7cc94dd36e48879e76ae7a8daea4ff322b7d9674", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7cc94dd36e48879e76ae7a8daea4ff322b7d9674" + }, + { + "url": "https://git.kernel.org/stable/c/900b81caf00c89417172afe0e7e49ac4eb110f4b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/900b81caf00c89417172afe0e7e49ac4eb110f4b" + }, + { + "url": "https://git.kernel.org/stable/c/d86ad8c3e152349454b82f37007ff6ba45f26989", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d86ad8c3e152349454b82f37007ff6ba45f26989" + }, + { + "url": "https://git.kernel.org/stable/c/d534198311c345e4b062c4b88bb609efb8bd91d5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d534198311c345e4b062c4b88bb609efb8bd91d5" + }, + { + "url": "https://git.kernel.org/stable/c/6347348c6aba52dda0b33296684cbb627bdc6970", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6347348c6aba52dda0b33296684cbb627bdc6970" + }, + { + "url": "https://git.kernel.org/stable/c/9d5286d4e7f68beab450deddbb6a32edd5ecf4bf", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9d5286d4e7f68beab450deddbb6a32edd5ecf4bf" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35810.json b/2024/35xxx/CVE-2024-35810.json index b92aa09347c..8c391827c4a 100644 --- a/2024/35xxx/CVE-2024-35810.json +++ b/2024/35xxx/CVE-2024-35810.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix the lifetime of the bo cursor memory\n\nThe cleanup can be dispatched while the atomic update is still active,\nwhich means that the memory acquired in the atomic update needs to\nnot be invalidated by the cleanup. The buffer objects in vmw_plane_state\ninstead of using the builtin map_and_cache were trying to handle\nthe lifetime of the mapped memory themselves, leading to crashes.\n\nUse the map_and_cache instead of trying to manage the lifetime of the\nbuffer objects held by the vmw_plane_state.\n\nFixes kernel oops'es in IGT's kms_cursor_legacy forked-bo." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "bb6780aa5a1d", + "version_value": "86cb706a40b7" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.2", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.2", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d" + }, + { + "url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c" + }, + { + "url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae" + }, + { + "url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35811.json b/2024/35xxx/CVE-2024-35811.json index 73124011008..1785442ec72 100644 --- a/2024/35xxx/CVE-2024-35811.json +++ b/2024/35xxx/CVE-2024-35811.json @@ -1,18 +1,179 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35811", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach\n\nThis is the candidate patch of CVE-2023-47233 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47233\n\nIn brcm80211 driver,it starts with the following invoking chain\nto start init a timeout worker:\n\n->brcmf_usb_probe\n ->brcmf_usb_probe_cb\n ->brcmf_attach\n ->brcmf_bus_started\n ->brcmf_cfg80211_attach\n ->wl_init_priv\n ->brcmf_init_escan\n ->INIT_WORK(&cfg->escan_timeout_work,\n\t\t brcmf_cfg80211_escan_timeout_worker);\n\nIf we disconnect the USB by hotplug, it will call\nbrcmf_usb_disconnect to make cleanup. The invoking chain is :\n\nbrcmf_usb_disconnect\n ->brcmf_usb_disconnect_cb\n ->brcmf_detach\n ->brcmf_cfg80211_detach\n ->kfree(cfg);\n\nWhile the timeout woker may still be running. This will cause\na use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.\n\nFix it by deleting the timer and canceling the worker in\nbrcmf_cfg80211_detach.\n\n[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "e756af5b30b0", + "version_value": "202c50393504" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169" + }, + { + "url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1" + }, + { + "url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa" + }, + { + "url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731" + }, + { + "url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744" + }, + { + "url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a" + }, + { + "url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a" + }, + { + "url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb" + }, + { + "url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35812.json b/2024/35xxx/CVE-2024-35812.json index c64dadd3b5e..787ab400e19 100644 --- a/2024/35xxx/CVE-2024-35812.json +++ b/2024/35xxx/CVE-2024-35812.json @@ -1,18 +1,256 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-wdm: close race between read and workqueue\n\nwdm_read() cannot race with itself. However, in\nservice_outstanding_interrupt() it can race with the\nworkqueue, which can be triggered by error handling.\n\nHence we need to make sure that the WDM_RESPONDING\nflag is not just only set but tested." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "afba937e540c", + "version_value": "590441121960" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.26", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.26", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.313", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.275", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.216", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.157", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.88", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.29", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.8", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5904411219601127ffdbd2d622bb5d67f9d8d16c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5904411219601127ffdbd2d622bb5d67f9d8d16c" + }, + { + "url": "https://git.kernel.org/stable/c/347cca11bb78b9f3c29b45a9c52e70258bd008bf", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/347cca11bb78b9f3c29b45a9c52e70258bd008bf" + }, + { + "url": "https://git.kernel.org/stable/c/3afdcc4e1a00facad210f5c5891bb2fbc026067f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3afdcc4e1a00facad210f5c5891bb2fbc026067f" + }, + { + "url": "https://git.kernel.org/stable/c/164be0a824387301312689bb29b2be92ab2cd39d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/164be0a824387301312689bb29b2be92ab2cd39d" + }, + { + "url": "https://git.kernel.org/stable/c/9b319f4a88094b2e020e6db6e819c808d890098d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9b319f4a88094b2e020e6db6e819c808d890098d" + }, + { + "url": "https://git.kernel.org/stable/c/ab92e11b73b48b79f144421430891f3aa6242656", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ab92e11b73b48b79f144421430891f3aa6242656" + }, + { + "url": "https://git.kernel.org/stable/c/a86e54a345139f1a7668c9f83bdc7ac6f91b6f78", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a86e54a345139f1a7668c9f83bdc7ac6f91b6f78" + }, + { + "url": "https://git.kernel.org/stable/c/7182175f565ffffa2ba1911726c5656bfc7a1bae", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7182175f565ffffa2ba1911726c5656bfc7a1bae" + }, + { + "url": "https://git.kernel.org/stable/c/916cd2fcbc1e344bcabf4b2a834cdf5a0417d30c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/916cd2fcbc1e344bcabf4b2a834cdf5a0417d30c" + }, + { + "url": "https://git.kernel.org/stable/c/8672ad663a22d0e4a325bb7d817b36ec412b967c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8672ad663a22d0e4a325bb7d817b36ec412b967c" + }, + { + "url": "https://git.kernel.org/stable/c/da3b75931bb737be74d6b4341e0080f233ed1409", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/da3b75931bb737be74d6b4341e0080f233ed1409" + }, + { + "url": "https://git.kernel.org/stable/c/2ff436b6399859e06539a2b9c667897d3cc85ad5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2ff436b6399859e06539a2b9c667897d3cc85ad5" + }, + { + "url": "https://git.kernel.org/stable/c/9723602387217caa71d623ffcce314dc39e84a09", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9723602387217caa71d623ffcce314dc39e84a09" + }, + { + "url": "https://git.kernel.org/stable/c/19f955ad9437a6859a529af34e2eafd903d5e7c1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/19f955ad9437a6859a529af34e2eafd903d5e7c1" + }, + { + "url": "https://git.kernel.org/stable/c/e4e47e406d74cab601b2ab21ba5e3add811e05ae", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e4e47e406d74cab601b2ab21ba5e3add811e05ae" + }, + { + "url": "https://git.kernel.org/stable/c/339f83612f3a569b194680768b22bf113c26a29d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/339f83612f3a569b194680768b22bf113c26a29d" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35813.json b/2024/35xxx/CVE-2024-35813.json index bd45a6c298c..363b3e29e50 100644 --- a/2024/35xxx/CVE-2024-35813.json +++ b/2024/35xxx/CVE-2024-35813.json @@ -1,18 +1,198 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "f49f9e802785", + "version_value": "b9a7339ae403" + }, + { + "version_affected": "<", + "version_name": "59020bf0999f", + "version_value": "2b539c88940e" + }, + { + "version_affected": "<", + "version_name": "50b8b7a22e90", + "version_value": "81b8645feca0" + }, + { + "version_affected": "<", + "version_name": "c4edcd134bb7", + "version_value": "ad9cc5e9e53a" + }, + { + "version_affected": "<", + "version_name": "1653a8102868", + "version_value": "4466677dcabe" + }, + { + "version_affected": "<", + "version_name": "eed9119f8f8e", + "version_value": "064db53f9023" + }, + { + "version_affected": "<", + "version_name": "4d0c8d0aef63", + "version_value": "7d0e8a614755" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.8", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.8", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68" + }, + { + "url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6" + }, + { + "url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28" + }, + { + "url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55" + }, + { + "url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2" + }, + { + "url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56" + }, + { + "url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304" + }, + { + "url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35814.json b/2024/35xxx/CVE-2024-35814.json index 13950668207..956b0b82920 100644 --- a/2024/35xxx/CVE-2024-35814.json +++ b/2024/35xxx/CVE-2024-35814.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35814", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: Fix double-allocation of slots due to broken alignment handling\n\nCommit bbb73a103fbb (\"swiotlb: fix a braino in the alignment check fix\"),\nwhich was a fix for commit 0eee5ae10256 (\"swiotlb: fix slot alignment\nchecks\"), causes a functional regression with vsock in a virtual machine\nusing bouncing via a restricted DMA SWIOTLB pool.\n\nWhen virtio allocates the virtqueues for the vsock device using\ndma_alloc_coherent(), the SWIOTLB search can return page-unaligned\nallocations if 'area->index' was left unaligned by a previous allocation\nfrom the buffer:\n\n # Final address in brackets is the SWIOTLB address returned to the caller\n | virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1645-1649/7168 (0x98326800)\n | virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1649-1653/7168 (0x98328800)\n | virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1653-1657/7168 (0x9832a800)\n\nThis ends badly (typically buffer corruption and/or a hang) because\nswiotlb_alloc() is expecting a page-aligned allocation and so blindly\nreturns a pointer to the 'struct page' corresponding to the allocation,\ntherefore double-allocating the first half (2KiB slot) of the 4KiB page.\n\nFix the problem by treating the allocation alignment separately to any\nadditional alignment requirements from the device, using the maximum\nof the two as the stride to search the buffer slots and taking care\nto ensure a minimum of page-alignment for buffers larger than a page.\n\nThis also resolves swiotlb allocation failures occuring due to the\ninclusion of ~PAGE_MASK in 'iotlb_align_mask' for large allocations and\nresulting in alignment requirements exceeding swiotlb_max_mapping_size()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0eee5ae10256", + "version_value": "3e7acd6e25ba" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.3", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.3", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/3e7acd6e25ba77dde48c3b721c54c89cd6a10534", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3e7acd6e25ba77dde48c3b721c54c89cd6a10534" + }, + { + "url": "https://git.kernel.org/stable/c/c88668aa6c1da240ea3eb4d128b7906e740d3cb8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c88668aa6c1da240ea3eb4d128b7906e740d3cb8" + }, + { + "url": "https://git.kernel.org/stable/c/777391743771040e12cc40d3d0d178f70c616491", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/777391743771040e12cc40d3d0d178f70c616491" + }, + { + "url": "https://git.kernel.org/stable/c/04867a7a33324c9c562ee7949dbcaab7aaad1fb4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/04867a7a33324c9c562ee7949dbcaab7aaad1fb4" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35815.json b/2024/35xxx/CVE-2024-35815.json index c7ca92f56aa..62b3bb00bc9 100644 --- a/2024/35xxx/CVE-2024-35815.json +++ b/2024/35xxx/CVE-2024-35815.json @@ -1,18 +1,172 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35815", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\n\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\nthat is not embedded inside struct aio_kiocb. With the current code,\ndepending on the compiler, the req->ki_ctx read happens either before\nthe IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such\nthat it is guaranteed that the IOCB_AIO_RW test happens first." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "337b543e274f", + "version_value": "10ca82aff584" + }, + { + "version_affected": "<", + "version_name": "b4eea7a05ee0", + "version_value": "396dbbc18963" + }, + { + "version_affected": "<", + "version_name": "ea1cd64d59f2", + "version_value": "94eb0293703c" + }, + { + "version_affected": "<", + "version_name": "d7b6fa97ec89", + "version_value": "a71cba07783a" + }, + { + "version_affected": "<", + "version_name": "18f614369def", + "version_value": "18d5fc3c16cc" + }, + { + "version_affected": "<", + "version_name": "e7e23fc5d5fe", + "version_value": "c01ed748847f" + }, + { + "version_affected": "<", + "version_name": "1dc7d74fe456", + "version_value": "5c43d0041e3a" + }, + { + "version_affected": "<", + "version_name": "b820de741ae4", + "version_value": "961ebd120565" + }, + { + "version_affected": "<", + "version_name": "4.19.308", + "version_value": "4.19.312" + }, + { + "version_affected": "<", + "version_name": "5.4.270", + "version_value": "5.4.274" + }, + { + "version_affected": "<", + "version_name": "5.10.211", + "version_value": "5.10.215" + }, + { + "version_affected": "<", + "version_name": "5.15.150", + "version_value": "5.15.154" + }, + { + "version_affected": "<", + "version_name": "6.1.80", + "version_value": "6.1.84" + }, + { + "version_affected": "<", + "version_name": "6.6.19", + "version_value": "6.6.24" + }, + { + "version_affected": "<", + "version_name": "6.7.7", + "version_value": "6.7.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3" + }, + { + "url": "https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50" + }, + { + "url": "https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2" + }, + { + "url": "https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410" + }, + { + "url": "https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7" + }, + { + "url": "https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e" + }, + { + "url": "https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596" + }, + { + "url": "https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35816.json b/2024/35xxx/CVE-2024-35816.json index 07e9fa6b056..34271973cde 100644 --- a/2024/35xxx/CVE-2024-35816.json +++ b/2024/35xxx/CVE-2024-35816.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35816", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: prevent leak of left-over IRQ on unbind\n\nCommit 5a95f1ded28691e6 (\"firewire: ohci: use devres for requested IRQ\")\nalso removed the call to free_irq() in pci_remove(), leading to a\nleftover irq of devm_request_irq() at pci_disable_msi() in pci_remove()\nwhen unbinding the driver from the device\n\nremove_proc_entry: removing non-empty directory 'irq/136', leaking at\nleast 'firewire_ohci'\nCall Trace:\n ? remove_proc_entry+0x19c/0x1c0\n ? __warn+0x81/0x130\n ? remove_proc_entry+0x19c/0x1c0\n ? report_bug+0x171/0x1a0\n ? console_unlock+0x78/0x120\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? remove_proc_entry+0x19c/0x1c0\n unregister_irq_proc+0xf4/0x120\n free_desc+0x3d/0xe0\n ? kfree+0x29f/0x2f0\n irq_free_descs+0x47/0x70\n msi_domain_free_locked.part.0+0x19d/0x1d0\n msi_domain_free_irqs_all_locked+0x81/0xc0\n pci_free_msi_irqs+0x12/0x40\n pci_disable_msi+0x4c/0x60\n pci_remove+0x9d/0xc0 [firewire_ohci\n 01b483699bebf9cb07a3d69df0aa2bee71db1b26]\n pci_device_remove+0x37/0xa0\n device_release_driver_internal+0x19f/0x200\n unbind_store+0xa1/0xb0\n\nremove irq with devm_free_irq() before pci_disable_msi()\nalso remove it in fail_msi: of pci_probe() as this would lead to\nan identical leak" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5a95f1ded286", + "version_value": "43c70cbc2502" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88" + }, + { + "url": "https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6" + }, + { + "url": "https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35817.json b/2024/35xxx/CVE-2024-35817.json index 3c37f126235..cd0662063af 100644 --- a/2024/35xxx/CVE-2024-35817.json +++ b/2024/35xxx/CVE-2024-35817.json @@ -1,18 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35817", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag\n\nOtherwise after the GTT bo is released, the GTT and gart space is freed\nbut amdgpu_ttm_backend_unbind will not clear the gart page table entry\nand leave valid mapping entry pointing to the stale system page. Then\nif GPU access the gart address mistakely, it will read undefined value\ninstead page fault, harder to debug and reproduce the real issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "5d5f1a7f3b10" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb" + }, + { + "url": "https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe" + }, + { + "url": "https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3" + }, + { + "url": "https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6" + }, + { + "url": "https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d" + }, + { + "url": "https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35818.json b/2024/35xxx/CVE-2024-35818.json index 3d93146453d..3f35839a4d1 100644 --- a/2024/35xxx/CVE-2024-35818.json +++ b/2024/35xxx/CVE-2024-35818.json @@ -1,18 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35818", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Define the __io_aw() hook as mmiowb()\n\nCommit fb24ea52f78e0d595852e (\"drivers: Remove explicit invocations of\nmmiowb()\") remove all mmiowb() in drivers, but it says:\n\n\"NOTE: mmiowb() has only ever guaranteed ordering in conjunction with\nspin_unlock(). However, pairing each mmiowb() removal in this patch with\nthe corresponding call to spin_unlock() is not at all trivial, so there\nis a small chance that this change may regress any drivers incorrectly\nrelying on mmiowb() to order MMIO writes between CPUs using lock-free\nsynchronisation.\"\n\nThe mmio in radeon_ring_commit() is protected by a mutex rather than a\nspinlock, but in the mutex fastpath it behaves similar to spinlock. We\ncan add mmiowb() calls in the radeon driver but the maintainer says he\ndoesn't like such a workaround, and radeon is not the only example of\nmutex protected mmio.\n\nSo we should extend the mmiowb tracking system from spinlock to mutex,\nand maybe other locking primitives. This is not easy and error prone, so\nwe solve it in the architectural code, by simply defining the __io_aw()\nhook as mmiowb(). And we no longer need to override queued_spin_unlock()\nso use the generic definition.\n\nWithout this, we get such an error when run 'glxgears' on weak ordering\narchitectures such as LoongArch:\n\nradeon 0000:04:00.0: ring 0 stalled for more than 10324msec\nradeon 0000:04:00.0: ring 3 stalled for more than 10240msec\nradeon 0000:04:00.0: GPU lockup (current fence id 0x000000000001f412 last fence id 0x000000000001f414 on ring 3)\nradeon 0000:04:00.0: GPU lockup (current fence id 0x000000000000f940 last fence id 0x000000000000f941 on ring 0)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "97cd43ba824a" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/97cd43ba824aec764f5ea2790d0c0a318f885167", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/97cd43ba824aec764f5ea2790d0c0a318f885167" + }, + { + "url": "https://git.kernel.org/stable/c/d7d7c6cdea875be3b241d7d39873bb431db7154d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d7d7c6cdea875be3b241d7d39873bb431db7154d" + }, + { + "url": "https://git.kernel.org/stable/c/0b61a7dc6712b78799b3949997e8a5e94db5c4b0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0b61a7dc6712b78799b3949997e8a5e94db5c4b0" + }, + { + "url": "https://git.kernel.org/stable/c/9adec248bba33b1503252caf8e59d81febfc5ceb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9adec248bba33b1503252caf8e59d81febfc5ceb" + }, + { + "url": "https://git.kernel.org/stable/c/9c68ece8b2a5c5ff9b2fcaea923dd73efeb174cd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9c68ece8b2a5c5ff9b2fcaea923dd73efeb174cd" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35819.json b/2024/35xxx/CVE-2024-35819.json index 9462a66d7e6..969466f8e0c 100644 --- a/2024/35xxx/CVE-2024-35819.json +++ b/2024/35xxx/CVE-2024-35819.json @@ -1,18 +1,179 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35819", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Use raw spinlock for cgr_lock\n\nsmp_call_function always runs its callback in hard IRQ context, even on\nPREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock\nfor cgr_lock to ensure we aren't waiting on a sleeping task.\n\nAlthough this bug has existed for a while, it was not apparent until\ncommit ef2a8d5478b9 (\"net: dpaa: Adjust queue depth on rate change\")\nwhich invokes smp_call_function_single via qman_update_cgr_safe every\ntime a link goes up or down." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "96f413f47677", + "version_value": "2b3fede82251" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.16", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.16", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02" + }, + { + "url": "https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59" + }, + { + "url": "https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1" + }, + { + "url": "https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e" + }, + { + "url": "https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14" + }, + { + "url": "https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa" + }, + { + "url": "https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df" + }, + { + "url": "https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506" + }, + { + "url": "https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35820.json b/2024/35xxx/CVE-2024-35820.json index 3d143e90ad3..17a215ef44b 100644 --- a/2024/35xxx/CVE-2024-35820.json +++ b/2024/35xxx/CVE-2024-35820.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix io_queue_proc modifying req->flags\n\nWith multiple poll entries __io_queue_proc() might be running in\nparallel with poll handlers and possibly task_work, we should not be\ncarelessly modifying req->flags there. io_poll_double_prepare() handles\na similar case with locking but it's much easier to move it into\n__io_arm_poll_handler()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "595e52284d24", + "version_value": "51a490a7f63c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/51a490a7f63cae0754120e7c04f4f47920bd48db", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/51a490a7f63cae0754120e7c04f4f47920bd48db" + }, + { + "url": "https://git.kernel.org/stable/c/0ecb8919469e6d5c74eea24086b34ce1bda5aef7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0ecb8919469e6d5c74eea24086b34ce1bda5aef7" + }, + { + "url": "https://git.kernel.org/stable/c/1a8ec63b2b6c91caec87d4e132b1f71b5df342be", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1a8ec63b2b6c91caec87d4e132b1f71b5df342be" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35821.json b/2024/35xxx/CVE-2024-35821.json index feaa87d923a..58b5fb1209a 100644 --- a/2024/35xxx/CVE-2024-35821.json +++ b/2024/35xxx/CVE-2024-35821.json @@ -1,18 +1,179 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we've overwritten it with the data it's supposed to have\nin it will allow a simultaneous reader to see old data. Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1e51764a3c2a", + "version_value": "4aa554832b9d" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.27", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.27", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e" + }, + { + "url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310" + }, + { + "url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f" + }, + { + "url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3" + }, + { + "url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3" + }, + { + "url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f" + }, + { + "url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e" + }, + { + "url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566" + }, + { + "url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35822.json b/2024/35xxx/CVE-2024-35822.json index 187ba3e2ef3..bcd29ab9b34 100644 --- a/2024/35xxx/CVE-2024-35822.json +++ b/2024/35xxx/CVE-2024-35822.json @@ -1,18 +1,169 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35822", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: udc: remove warning when queue disabled ep\n\nIt is possible trigger below warning message from mass storage function,\n\nWARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104\npc : usb_ep_queue+0x7c/0x104\nlr : fsg_main_thread+0x494/0x1b3c\n\nRoot cause is mass storage function try to queue request from main thread,\nbut other thread may already disable ep when function disable.\n\nAs there is no function failure in the driver, in order to avoid effort\nto fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "2b002c308e18" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8" + }, + { + "url": "https://git.kernel.org/stable/c/68d951880d0c52c7f13dcefb5501b69b8605ce8c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/68d951880d0c52c7f13dcefb5501b69b8605ce8c" + }, + { + "url": "https://git.kernel.org/stable/c/3e944ddc17c042945d983e006df7860687a8849a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3e944ddc17c042945d983e006df7860687a8849a" + }, + { + "url": "https://git.kernel.org/stable/c/df5cbb908f1687e8ab97e222a16b7890d5501acf", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/df5cbb908f1687e8ab97e222a16b7890d5501acf" + }, + { + "url": "https://git.kernel.org/stable/c/f74c5e0b54b02706d9a862ac6cddade30ac86bcf", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f74c5e0b54b02706d9a862ac6cddade30ac86bcf" + }, + { + "url": "https://git.kernel.org/stable/c/99731076722eb7ed26b0c87c879da7bb71d24290", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/99731076722eb7ed26b0c87c879da7bb71d24290" + }, + { + "url": "https://git.kernel.org/stable/c/36177c2595df12225b95ce74eb1ac77b43d5a58c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/36177c2595df12225b95ce74eb1ac77b43d5a58c" + }, + { + "url": "https://git.kernel.org/stable/c/30511676eb54d480d014352bf784f02577a10252", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/30511676eb54d480d014352bf784f02577a10252" + }, + { + "url": "https://git.kernel.org/stable/c/2a587a035214fa1b5ef598aea0b81848c5b72e5e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2a587a035214fa1b5ef598aea0b81848c5b72e5e" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35823.json b/2024/35xxx/CVE-2024-35823.json index fb84c1f84c4..8ff7b0600db 100644 --- a/2024/35xxx/CVE-2024-35823.json +++ b/2024/35xxx/CVE-2024-35823.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35823", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix unicode buffer corruption when deleting characters\n\nThis is the same issue that was fixed for the VGA text buffer in commit\n39cdb68c64d8 (\"vt: fix memory overlapping when deleting chars in the\nbuffer\"). The cure is also the same i.e. replace memcpy() with memmove()\ndue to the overlaping buffers." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "81732c3b2fed", + "version_value": "fc7dfe3d123f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/fc7dfe3d123f00e720be80b920da287810a1f37d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fc7dfe3d123f00e720be80b920da287810a1f37d" + }, + { + "url": "https://git.kernel.org/stable/c/ff7342090c1e8c5a37015c89822a68b275b46f8a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ff7342090c1e8c5a37015c89822a68b275b46f8a" + }, + { + "url": "https://git.kernel.org/stable/c/1ce408f75ccf1e25b3fddef75cca878b55f2ac90", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1ce408f75ccf1e25b3fddef75cca878b55f2ac90" + }, + { + "url": "https://git.kernel.org/stable/c/0190d19d7651c08abc187dac3819c61b726e7e3f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0190d19d7651c08abc187dac3819c61b726e7e3f" + }, + { + "url": "https://git.kernel.org/stable/c/994a1e583c0c206c8ca7d03334a65b79f4d8bc51", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/994a1e583c0c206c8ca7d03334a65b79f4d8bc51" + }, + { + "url": "https://git.kernel.org/stable/c/7529cbd8b5f6697b369803fe1533612c039cabda", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7529cbd8b5f6697b369803fe1533612c039cabda" + }, + { + "url": "https://git.kernel.org/stable/c/2933b1e4757a0a5c689cf48d80b1a2a85f237ff1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2933b1e4757a0a5c689cf48d80b1a2a85f237ff1" + }, + { + "url": "https://git.kernel.org/stable/c/1581dafaf0d34bc9c428a794a22110d7046d186d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1581dafaf0d34bc9c428a794a22110d7046d186d" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35824.json b/2024/35xxx/CVE-2024-35824.json index 051236e8f43..ee97b116f0e 100644 --- a/2024/35xxx/CVE-2024-35824.json +++ b/2024/35xxx/CVE-2024-35824.json @@ -1,18 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35824", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume\n\nWhen not configured for wakeup lis3lv02d_i2c_suspend() will call\nlis3lv02d_poweroff() even if the device has already been turned off\nby the runtime-suspend handler and if configured for wakeup and\nthe device is runtime-suspended at this point then it is not turned\nback on to serve as a wakeup source.\n\nBefore commit b1b9f7a49440 (\"misc: lis3lv02d_i2c: Add missing setting\nof the reg_ctrl callback\"), lis3lv02d_poweroff() failed to disable\nthe regulators which as a side effect made calling poweroff() twice ok.\n\nNow that poweroff() correctly disables the regulators, doing this twice\ntriggers a WARN() in the regulator core:\n\nunbalanced disables for regulator-dummy\nWARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable\n...\n\nFix lis3lv02d_i2c_suspend() to not call poweroff() a second time if\nalready runtime-suspended and add a poweron() call when necessary to\nmake wakeup work.\n\nlis3lv02d_i2c_resume() has similar issues, with an added weirness that\nit always powers on the device if it is runtime suspended, after which\nthe first runtime-resume will call poweron() again, causing the enabled\ncount for the regulator to increase by 1 every suspend/resume. These\nunbalanced regulator_enable() calls cause the regulator to never\nbe turned off and trigger the following WARN() on driver unbind:\n\nWARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put\n\nFix this by making lis3lv02d_i2c_resume() mirror the new suspend()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2c1164ad927e", + "version_value": "4154e7673541" + }, + { + "version_affected": "<", + "version_name": "1229ce1c4acd", + "version_value": "997ca4153846" + }, + { + "version_affected": "<", + "version_name": "755182e1e866", + "version_value": "f6df761182fc" + }, + { + "version_affected": "<", + "version_name": "b1b9f7a49440", + "version_value": "ac3e0384073b" + }, + { + "version_affected": "<", + "version_name": "6.1.77", + "version_value": "6.1.84" + }, + { + "version_affected": "<", + "version_name": "6.6.16", + "version_value": "6.6.24" + }, + { + "version_affected": "<", + "version_name": "6.7.4", + "version_value": "6.7.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7" + }, + { + "url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325" + }, + { + "url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45" + }, + { + "url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d" + } + ] + }, + "generator": { + "engine": "bippy-d175d3acf727" } } \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36010.json b/2024/36xxx/CVE-2024-36010.json new file mode 100644 index 00000000000..ed02d1026a7 --- /dev/null +++ b/2024/36xxx/CVE-2024-36010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36011.json b/2024/36xxx/CVE-2024-36011.json new file mode 100644 index 00000000000..d65df9a1320 --- /dev/null +++ b/2024/36xxx/CVE-2024-36011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36012.json b/2024/36xxx/CVE-2024-36012.json new file mode 100644 index 00000000000..55b1e038744 --- /dev/null +++ b/2024/36xxx/CVE-2024-36012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36013.json b/2024/36xxx/CVE-2024-36013.json new file mode 100644 index 00000000000..92d3f85c781 --- /dev/null +++ b/2024/36xxx/CVE-2024-36013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36014.json b/2024/36xxx/CVE-2024-36014.json new file mode 100644 index 00000000000..1a3fc2f38f7 --- /dev/null +++ b/2024/36xxx/CVE-2024-36014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36015.json b/2024/36xxx/CVE-2024-36015.json new file mode 100644 index 00000000000..1a8720c7b30 --- /dev/null +++ b/2024/36xxx/CVE-2024-36015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36016.json b/2024/36xxx/CVE-2024-36016.json new file mode 100644 index 00000000000..561bce16679 --- /dev/null +++ b/2024/36xxx/CVE-2024-36016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36017.json b/2024/36xxx/CVE-2024-36017.json new file mode 100644 index 00000000000..19d99a214e0 --- /dev/null +++ b/2024/36xxx/CVE-2024-36017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36018.json b/2024/36xxx/CVE-2024-36018.json new file mode 100644 index 00000000000..b7069e10582 --- /dev/null +++ b/2024/36xxx/CVE-2024-36018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36019.json b/2024/36xxx/CVE-2024-36019.json new file mode 100644 index 00000000000..01c21b6d385 --- /dev/null +++ b/2024/36xxx/CVE-2024-36019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36020.json b/2024/36xxx/CVE-2024-36020.json new file mode 100644 index 00000000000..45dd52d6f34 --- /dev/null +++ b/2024/36xxx/CVE-2024-36020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36021.json b/2024/36xxx/CVE-2024-36021.json new file mode 100644 index 00000000000..5e328616c05 --- /dev/null +++ b/2024/36xxx/CVE-2024-36021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36022.json b/2024/36xxx/CVE-2024-36022.json new file mode 100644 index 00000000000..1fb2e8db9ea --- /dev/null +++ b/2024/36xxx/CVE-2024-36022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36023.json b/2024/36xxx/CVE-2024-36023.json new file mode 100644 index 00000000000..20a3f6523c0 --- /dev/null +++ b/2024/36xxx/CVE-2024-36023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36024.json b/2024/36xxx/CVE-2024-36024.json new file mode 100644 index 00000000000..16e622efae6 --- /dev/null +++ b/2024/36xxx/CVE-2024-36024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36025.json b/2024/36xxx/CVE-2024-36025.json new file mode 100644 index 00000000000..cafc37fc2d7 --- /dev/null +++ b/2024/36xxx/CVE-2024-36025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36026.json b/2024/36xxx/CVE-2024-36026.json new file mode 100644 index 00000000000..752d41e7cd2 --- /dev/null +++ b/2024/36xxx/CVE-2024-36026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36027.json b/2024/36xxx/CVE-2024-36027.json new file mode 100644 index 00000000000..28ca0ada1f6 --- /dev/null +++ b/2024/36xxx/CVE-2024-36027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36028.json b/2024/36xxx/CVE-2024-36028.json new file mode 100644 index 00000000000..5f2392e8dbe --- /dev/null +++ b/2024/36xxx/CVE-2024-36028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36029.json b/2024/36xxx/CVE-2024-36029.json new file mode 100644 index 00000000000..6009271e995 --- /dev/null +++ b/2024/36xxx/CVE-2024-36029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36030.json b/2024/36xxx/CVE-2024-36030.json new file mode 100644 index 00000000000..417cc6670fb --- /dev/null +++ b/2024/36xxx/CVE-2024-36030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36031.json b/2024/36xxx/CVE-2024-36031.json new file mode 100644 index 00000000000..fd26636727c --- /dev/null +++ b/2024/36xxx/CVE-2024-36031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36032.json b/2024/36xxx/CVE-2024-36032.json new file mode 100644 index 00000000000..72695e07dac --- /dev/null +++ b/2024/36xxx/CVE-2024-36032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36033.json b/2024/36xxx/CVE-2024-36033.json new file mode 100644 index 00000000000..5a4e742d4b8 --- /dev/null +++ b/2024/36xxx/CVE-2024-36033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5042.json b/2024/5xxx/CVE-2024-5042.json index 6c57992cd2a..83e89a234de 100644 --- a/2024/5xxx/CVE-2024-5042.json +++ b/2024/5xxx/CVE-2024-5042.json @@ -1,17 +1,131 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution with Unnecessary Privileges", + "cweId": "CWE-250" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Openshift Data Foundation 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-5042", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-5042" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "null" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5049.json b/2024/5xxx/CVE-2024-5049.json index 529fddee755..d61486e48f4 100644 --- a/2024/5xxx/CVE-2024-5049.json +++ b/2024/5xxx/CVE-2024-5049.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264746 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Codezips E-Commerce Site 1.0 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei admin/editproduct.php. Durch das Beeinflussen des Arguments profilepic mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Codezips", + "product": { + "product_data": [ + { + "product_name": "E-Commerce Site", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.264746", + "refsource": "MISC", + "name": "https://vuldb.com/?id.264746" + }, + { + "url": "https://vuldb.com/?ctiid.264746", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.264746" + }, + { + "url": "https://vuldb.com/?submit.335838", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.335838" + }, + { + "url": "https://github.com/polaris0x1/CVE/issues/2", + "refsource": "MISC", + "name": "https://github.com/polaris0x1/CVE/issues/2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "polaris0x1 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/5xxx/CVE-2024-5063.json b/2024/5xxx/CVE-2024-5063.json new file mode 100644 index 00000000000..976cecb2345 --- /dev/null +++ b/2024/5xxx/CVE-2024-5063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5064.json b/2024/5xxx/CVE-2024-5064.json new file mode 100644 index 00000000000..30984fe6ba2 --- /dev/null +++ b/2024/5xxx/CVE-2024-5064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5065.json b/2024/5xxx/CVE-2024-5065.json new file mode 100644 index 00000000000..b44a246f82a --- /dev/null +++ b/2024/5xxx/CVE-2024-5065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5066.json b/2024/5xxx/CVE-2024-5066.json new file mode 100644 index 00000000000..375d0cbc02c --- /dev/null +++ b/2024/5xxx/CVE-2024-5066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file