admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-29 03:25:22 +00:00
parent da76587fc1
commit 7e8c70749d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
14 changed files with 1631 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
2024/56xxx/CVE-2024-56623.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56623",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix use after free on unload\n\nSystem crash is observed with stack trace warning of use after\nfree. There are 2 signals to tell dpc_thread to terminate (UNLOADING\nflag and kthread_stop).\n\nOn setting the UNLOADING flag when dpc_thread happens to run at the time\nand sees the flag, this causes dpc_thread to exit and clean up\nitself. When kthread_stop is called for final cleanup, this causes use\nafter free.\n\nRemove UNLOADING signal to terminate dpc_thread. Use the kthread_stop\nas the main signal to exit dpc_thread.\n\n[596663.812935] kernel BUG at mm/slub.c:294!\n[596663.812950] invalid opcode: 0000 [#1] SMP PTI\n[596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1\n[596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012\n[596663.812974] RIP: 0010:__slab_free+0x17d/0x360\n\n...\n[596663.813008] Call Trace:\n[596663.813022] ? __dentry_kill+0x121/0x170\n[596663.813030] ? _cond_resched+0x15/0x30\n[596663.813034] ? _cond_resched+0x15/0x30\n[596663.813039] ? wait_for_completion+0x35/0x190\n[596663.813048] ? try_to_wake_up+0x63/0x540\n[596663.813055] free_task+0x5a/0x60\n[596663.813061] kthread_stop+0xf3/0x100\n[596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "12f04fc8580eafb0510f805749553eb6213f323e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e"
},
{
"url": "https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54"
},
{
"url": "https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80"
},
{
"url": "https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d"
},
{
"url": "https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478"
},
{
"url": "https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

92
2024/56xxx/CVE-2024-56624.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56624",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix out_fput in iommufd_fault_alloc()\n\nAs fput() calls the file->f_op->release op, where fault obj and ictx are\ngetting released, there is no need to release these two after fput() one\nmore time, which would result in imbalanced refcounts:\n refcount_t: decrement hit 0; leaking memory.\n WARNING: CPU: 48 PID: 2369 at lib/refcount.c:31 refcount_warn_saturate+0x60/0x230\n Call trace:\n refcount_warn_saturate+0x60/0x230 (P)\n refcount_warn_saturate+0x60/0x230 (L)\n iommufd_fault_fops_release+0x9c/0xe0 [iommufd]\n ...\n VFS: Close: file count is 0 (f_op=iommufd_fops [iommufd])\n WARNING: CPU: 48 PID: 2369 at fs/open.c:1507 filp_flush+0x3c/0xf0\n Call trace:\n filp_flush+0x3c/0xf0 (P)\n filp_flush+0x3c/0xf0 (L)\n __arm64_sys_close+0x34/0x98\n ...\n imbalanced put on file reference count\n WARNING: CPU: 48 PID: 2369 at fs/file.c:74 __file_ref_put+0x100/0x138\n Call trace:\n __file_ref_put+0x100/0x138 (P)\n __file_ref_put+0x100/0x138 (L)\n __fput_sync+0x4c/0xd0\n\nDrop those two lines to fix the warnings above."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "07838f7fd529c8a6de44b601d4b7057e6c8d36ed",
"version_value": "2b3f30c8edbf9a122ce01f13f0f41fbca5f1d41d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2b3f30c8edbf9a122ce01f13f0f41fbca5f1d41d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2b3f30c8edbf9a122ce01f13f0f41fbca5f1d41d"
},
{
"url": "https://git.kernel.org/stable/c/af7f4780514f850322b2959032ecaa96e4b26472",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/af7f4780514f850322b2959032ecaa96e4b26472"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

125
2024/56xxx/CVE-2024-56625.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: can_set_termination(): allow sleeping GPIOs\n\nIn commit 6e86a1543c37 (\"can: dev: provide optional GPIO based\ntermination support\") GPIO based termination support was added.\n\nFor no particular reason that patch uses gpiod_set_value() to set the\nGPIO. This leads to the following warning, if the systems uses a\nsleeping GPIO, i.e. behind an I2C port expander:\n\n| WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c\n| CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c\n\nReplace gpiod_set_value() by gpiod_set_value_cansleep() to allow the\nuse of sleeping GPIOs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6e86a1543c378f2e8837ad88f361b7bf606c80f7",
"version_value": "faa0a1975a6fbce30616775216606eb8d6388ea1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/faa0a1975a6fbce30616775216606eb8d6388ea1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/faa0a1975a6fbce30616775216606eb8d6388ea1"
},
{
"url": "https://git.kernel.org/stable/c/46637a608fb1ee871a0ad8bf70d917d5d95ac251",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/46637a608fb1ee871a0ad8bf70d917d5d95ac251"
},
{
"url": "https://git.kernel.org/stable/c/1ac442f25c19953d2f33b92549628b0aeac83db6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ac442f25c19953d2f33b92549628b0aeac83db6"
},
{
"url": "https://git.kernel.org/stable/c/3b0c5bb437d31a9864f633b85cbc42d2f6c51c96",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3b0c5bb437d31a9864f633b85cbc42d2f6c51c96"
},
{
"url": "https://git.kernel.org/stable/c/ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

104
2024/56xxx/CVE-2024-56626.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write\n\nAn offset from client could be a negative value, It could allows\nto write data outside the bounds of the allocated buffer.\nNote that this issue is coming when setting\n'vfs objects = streams_xattr parameter' in ksmbd.conf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "8cd7490fc0f268883e86e840cda5311257af69ca"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8cd7490fc0f268883e86e840cda5311257af69ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8cd7490fc0f268883e86e840cda5311257af69ca"
},
{
"url": "https://git.kernel.org/stable/c/164d3597d26d9acff5d5b8bc3208bdcca942dd6a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/164d3597d26d9acff5d5b8bc3208bdcca942dd6a"
},
{
"url": "https://git.kernel.org/stable/c/c5797f195c67132d061d29c57a7c6d30530686f0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c5797f195c67132d061d29c57a7c6d30530686f0"
},
{
"url": "https://git.kernel.org/stable/c/313dab082289e460391c82d855430ec8a28ddf81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/313dab082289e460391c82d855430ec8a28ddf81"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

104
2024/56xxx/CVE-2024-56627.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56627",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read\n\nAn offset from client could be a negative value, It could lead\nto an out-of-bounds read from the stream_buf.\nNote that this issue is coming when setting\n'vfs objects = streams_xattr parameter' in ksmbd.conf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "de4d790dcf53be41736239d7ee63849a16ff5d10"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/de4d790dcf53be41736239d7ee63849a16ff5d10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de4d790dcf53be41736239d7ee63849a16ff5d10"
},
{
"url": "https://git.kernel.org/stable/c/27de4295522e9a33e4a3fc72f7b8193df9eebe41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27de4295522e9a33e4a3fc72f7b8193df9eebe41"
},
{
"url": "https://git.kernel.org/stable/c/81eed631935f2c52cdaf6691c6d48e0b06e8ad73",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/81eed631935f2c52cdaf6691c6d48e0b06e8ad73"
},
{
"url": "https://git.kernel.org/stable/c/fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

114
2024/56xxx/CVE-2024-56628.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Add architecture specific huge_pte_clear()\n\nWhen executing mm selftests run_vmtests.sh, there is such an error:\n\n BUG: Bad page state in process uffd-unit-tests pfn:00000\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x0\n flags: 0xffff0000002000(reserved|node=0|zone=0|lastcpupid=0xffff)\n raw: 00ffff0000002000 ffffbf0000000008 ffffbf0000000008 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Modules linked in: snd_seq_dummy snd_seq snd_seq_device rfkill vfat fat\n virtio_balloon efi_pstore virtio_net pstore net_failover failover fuse\n nfnetlink virtio_scsi virtio_gpu virtio_dma_buf dm_multipath efivarfs\n CPU: 2 UID: 0 PID: 1913 Comm: uffd-unit-tests Not tainted 6.12.0 #184\n Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n Stack : 900000047c8ac000 0000000000000000 9000000000223a7c 900000047c8ac000\n 900000047c8af690 900000047c8af698 0000000000000000 900000047c8af7d8\n 900000047c8af7d0 900000047c8af7d0 900000047c8af5b0 0000000000000001\n 0000000000000001 900000047c8af698 10b3c7d53da40d26 0000010000000000\n 0000000000000022 0000000fffffffff fffffffffe000000 ffff800000000000\n 000000000000002f 0000800000000000 000000017a6d4000 90000000028f8940\n 0000000000000000 0000000000000000 90000000025aa5e0 9000000002905000\n 0000000000000000 90000000028f8940 ffff800000000000 0000000000000000\n 0000000000000000 0000000000000000 9000000000223a94 000000012001839c\n 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d\n ...\n Call Trace:\n [<9000000000223a94>] show_stack+0x5c/0x180\n [<9000000001c3fd64>] dump_stack_lvl+0x6c/0xa0\n [<900000000056aa08>] bad_page+0x1a0/0x1f0\n [<9000000000574978>] free_unref_folios+0xbf0/0xd20\n [<90000000004e65cc>] folios_put_refs+0x1a4/0x2b8\n [<9000000000599a0c>] free_pages_and_swap_cache+0x164/0x260\n [<9000000000547698>] tlb_batch_pages_flush+0xa8/0x1c0\n [<9000000000547f30>] tlb_finish_mmu+0xa8/0x218\n [<9000000000543cb8>] exit_mmap+0x1a0/0x360\n [<9000000000247658>] __mmput+0x78/0x200\n [<900000000025583c>] do_exit+0x43c/0xde8\n [<9000000000256490>] do_group_exit+0x68/0x110\n [<9000000000256554>] sys_exit_group+0x1c/0x20\n [<9000000001c413b4>] do_syscall+0x94/0x130\n [<90000000002216d8>] handle_syscall+0xb8/0x158\n Disabling lock debugging due to kernel taint\n BUG: non-zero pgtables_bytes on freeing mm: -16384\n\nOn LoongArch system, invalid huge pte entry should be invalid_pte_table\nor a single _PAGE_HUGE bit rather than a zero value. And it should be\nthe same with invalid pmd entry, since pmd_none() is called by function\nfree_pgd_range() and pmd_none() return 0 by huge_pte_clear(). So single\n_PAGE_HUGE bit is also treated as a valid pte table and free_pte_range()\nwill be called in free_pmd_range().\n\n free_pmd_range()\n pmd = pmd_offset(pud, addr);\n do {\n next = pmd_addr_end(addr, end);\n if (pmd_none_or_clear_bad(pmd))\n continue;\n free_pte_range(tlb, pmd, addr);\n } while (pmd++, addr = next, addr != end);\n\nHere invalid_pte_table is used for both invalid huge pte entry and\npmd entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "09cfefb7fa70c3af011b0db0a513fd80b2f18abc",
"version_value": "dba3c45e333a3a2a01395b5f5e5f88f8baba74e4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dba3c45e333a3a2a01395b5f5e5f88f8baba74e4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dba3c45e333a3a2a01395b5f5e5f88f8baba74e4"
},
{
"url": "https://git.kernel.org/stable/c/7dfbf011a57b9e1a40f5ce8080a53c497e105c6c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7dfbf011a57b9e1a40f5ce8080a53c497e105c6c"
},
{
"url": "https://git.kernel.org/stable/c/9b602190cf2d8ac957be0011e418ed6c3b49b9a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9b602190cf2d8ac957be0011e418ed6c3b49b9a3"
},
{
"url": "https://git.kernel.org/stable/c/7cd1f5f77925ae905a57296932f0f9ef0dc364f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7cd1f5f77925ae905a57296932f0f9ef0dc364f8"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

147
2024/56xxx/CVE-2024-56629.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix when get product name maybe null pointer\n\nDue to incorrect dev->product reporting by certain devices, null\npointer dereferences occur when dev->product is empty, leading to\npotential system crashes.\n\nThis issue was found on EXCELSIOR DL37-D05 device with\nLoongson-LS3A6000-7A2000-DL37 motherboard.\n\nKernel logs:\n[ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci\n[ 56.671638] usb 4-3: string descriptor 0 read error: -22\n[ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07\n[ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3\n[ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0\n[ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80\n[ 56.697732] Oops[#1]:\n[ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015\n[ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024\n[ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0\n[ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000\n[ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000\n[ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005\n[ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000\n[ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028\n[ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000\n[ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000\n[ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom]\n[ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120\n[ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE)\n[ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n[ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[ 56.697835] BADV: 0000000000000000\n[ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000)\n[ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit\n[ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3)\n[ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000\n[ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000\n[ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0\n[ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c\n[ 56.697911] 90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440\n[ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0\n[ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c\n[ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000\n[ 56.697931] 90000001000bb8d0 \n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "09dc28acaec74d7467c7c9b81dc8676e5bc957ce",
"version_value": "d031eef3cc2e3bf524509e38fb898e5335c85c96"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d031eef3cc2e3bf524509e38fb898e5335c85c96",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d031eef3cc2e3bf524509e38fb898e5335c85c96"
},
{
"url": "https://git.kernel.org/stable/c/5912a921289edb34d40aeab32ea6d52d41e75fed",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5912a921289edb34d40aeab32ea6d52d41e75fed"
},
{
"url": "https://git.kernel.org/stable/c/2ed3e3a3ac06af8a6391c3d6a7791b7967d7d43a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ed3e3a3ac06af8a6391c3d6a7791b7967d7d43a"
},
{
"url": "https://git.kernel.org/stable/c/2cd323c55bd3f356bf23ae1b4c20100abcdc29d6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2cd323c55bd3f356bf23ae1b4c20100abcdc29d6"
},
{
"url": "https://git.kernel.org/stable/c/a7f0509556fa2f9789639dbcee9eed46e471ccef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a7f0509556fa2f9789639dbcee9eed46e471ccef"
},
{
"url": "https://git.kernel.org/stable/c/e689bc6697a7fcebd4a945ab0b1e1112c76024d8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e689bc6697a7fcebd4a945ab0b1e1112c76024d8"
},
{
"url": "https://git.kernel.org/stable/c/59548215b76be98cf3422eea9a67d6ea578aca3d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/59548215b76be98cf3422eea9a67d6ea578aca3d"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

147
2024/56xxx/CVE-2024-56630.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: free inode when ocfs2_get_init_inode() fails\n\nsyzbot is reporting busy inodes after unmount, for commit 9c89fe0af826\n(\"ocfs2: Handle error from dquot_initialize()\") forgot to call iput() when\nnew_inode() succeeded and dquot_initialize() failed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9c89fe0af826bfff36d8019ea6fd78db09b3c478",
"version_value": "911fcc95b530615b484e8920741fc5e4bc4e684a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/911fcc95b530615b484e8920741fc5e4bc4e684a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/911fcc95b530615b484e8920741fc5e4bc4e684a"
},
{
"url": "https://git.kernel.org/stable/c/9c19ea59965ebb482e227532f7bbb01792fb028c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9c19ea59965ebb482e227532f7bbb01792fb028c"
},
{
"url": "https://git.kernel.org/stable/c/c5327720a4655303ffa3f632d86ee205dd783f32",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c5327720a4655303ffa3f632d86ee205dd783f32"
},
{
"url": "https://git.kernel.org/stable/c/67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15"
},
{
"url": "https://git.kernel.org/stable/c/a84d507d3290aca249b44ae992af9e10590cc5f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a84d507d3290aca249b44ae992af9e10590cc5f6"
},
{
"url": "https://git.kernel.org/stable/c/03db61c43c8e2729896fda6b9a95c7fb5c875c20",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03db61c43c8e2729896fda6b9a95c7fb5c875c20"
},
{
"url": "https://git.kernel.org/stable/c/965b5dd1894f4525f38c1b5f99b0106a07dbb5db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/965b5dd1894f4525f38c1b5f99b0106a07dbb5db"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

103
2024/56xxx/CVE-2024-56631.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Fix slab-use-after-free read in sg_release()\n\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30\nkernel/locking/lockdep.c:5838\n__mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912\nsg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407\n\nIn sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is\ncalled before releasing the open_rel_lock mutex. The kref_put() call may\ndecrement the reference count of sfp to zero, triggering its cleanup\nthrough sg_remove_sfp(). This cleanup includes scheduling deferred work\nvia sg_remove_sfp_usercontext(), which ultimately frees sfp.\n\nAfter kref_put(), sg_release() continues to unlock open_rel_lock and may\nreference sfp or sdp. If sfp has already been freed, this results in a\nslab-use-after-free error.\n\nMove the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the\nopen_rel_lock mutex. This ensures:\n\n - No references to sfp or sdp occur after the reference count is\n decremented.\n\n - Cleanup functions such as sg_remove_sfp() and\n sg_remove_sfp_usercontext() can safely execute without impacting the\n mutex handling in sg_release().\n\nThe fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures proper\nsequencing of resource cleanup and mutex operations, eliminating the\nrisk of use-after-free errors in sg_release()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cc833acbee9db5ca8c6162b015b4c93863c6f821",
"version_value": "59b30afa578637169e2819536bb66459fdddc39d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/59b30afa578637169e2819536bb66459fdddc39d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/59b30afa578637169e2819536bb66459fdddc39d"
},
{
"url": "https://git.kernel.org/stable/c/1f5e2f1ca5875728fcf62bc1a054707444ab4960",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1f5e2f1ca5875728fcf62bc1a054707444ab4960"
},
{
"url": "https://git.kernel.org/stable/c/f10593ad9bc36921f623361c9e3dd96bd52d85ee",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f10593ad9bc36921f623361c9e3dd96bd52d85ee"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

92
2024/56xxx/CVE-2024-56632.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix the memleak while create new ctrl failed\n\nNow while we create new ctrl failed, we have not free the\ntagset occupied by admin_q, here try to fix it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "fd1418de10b9ca03d78404cf00a95138689ea369",
"version_value": "ceff9ac13a2478afddce85414d404e6aff6425f6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ceff9ac13a2478afddce85414d404e6aff6425f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ceff9ac13a2478afddce85414d404e6aff6425f6"
},
{
"url": "https://git.kernel.org/stable/c/fec55c29e54d3ca6fe9d7d7d9266098b4514fd34",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fec55c29e54d3ca6fe9d7d7d9266098b4514fd34"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

147
2024/56xxx/CVE-2024-56633.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg->sg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret < 0), we may\n miss uncharging (msg->sg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg->sg.size;\n416 if (psock->apply_bytes && psock->apply_bytes < tosend)\n417 tosend = psock->apply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg->sg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg->sg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret < 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n<TASK>\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n</TASK>\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret < 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg->sg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"version_value": "905d82e6e77d16ec3e089c92b7b59a14899dfc1a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/905d82e6e77d16ec3e089c92b7b59a14899dfc1a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/905d82e6e77d16ec3e089c92b7b59a14899dfc1a"
},
{
"url": "https://git.kernel.org/stable/c/dbedc7e142df5ea238a46fdd7462c1c42cd36a10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dbedc7e142df5ea238a46fdd7462c1c42cd36a10"
},
{
"url": "https://git.kernel.org/stable/c/0d6cd1151e26fc7c2d5daa85e8984aaa685a1a12",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d6cd1151e26fc7c2d5daa85e8984aaa685a1a12"
},
{
"url": "https://git.kernel.org/stable/c/456f08d24afa51b5eb816c42e4ca1c44a247bd42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/456f08d24afa51b5eb816c42e4ca1c44a247bd42"
},
{
"url": "https://git.kernel.org/stable/c/206d56f41a1509cadd06e2178c26cb830e45057d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/206d56f41a1509cadd06e2178c26cb830e45057d"
},
{
"url": "https://git.kernel.org/stable/c/5c9e3bb43a354a2245caebbbbb4a5b8c034fdd56",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5c9e3bb43a354a2245caebbbbb4a5b8c034fdd56"
},
{
"url": "https://git.kernel.org/stable/c/ca70b8baf2bd125b2a4d96e76db79375c07d7ff2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca70b8baf2bd125b2a4d96e76db79375c07d7ff2"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

147
2024/56xxx/CVE-2024-56634.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56634",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: grgpio: Add NULL check in grgpio_probe\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in grgpio_probe is not checked.\nAdd NULL check in grgpio_probe, to handle kernel NULL\npointer dereference error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7eb6ce2f272336ff8337f40fa8668fa04dc2d684",
"version_value": "53ff0caa6ad57372d426b4f48fc0f66df43a731f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/53ff0caa6ad57372d426b4f48fc0f66df43a731f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/53ff0caa6ad57372d426b4f48fc0f66df43a731f"
},
{
"url": "https://git.kernel.org/stable/c/4733f68e59bb7b9e3d395699abb18366954b9ba7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4733f68e59bb7b9e3d395699abb18366954b9ba7"
},
{
"url": "https://git.kernel.org/stable/c/ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a"
},
{
"url": "https://git.kernel.org/stable/c/09adf8792b61c09ae543972a1ece1884ef773848",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/09adf8792b61c09ae543972a1ece1884ef773848"
},
{
"url": "https://git.kernel.org/stable/c/8d2ca6ac3711a4f4015d26b7cc84f325ac608edb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8d2ca6ac3711a4f4015d26b7cc84f325ac608edb"
},
{
"url": "https://git.kernel.org/stable/c/db2fc255fcf41f536ac8666409849e11659af88d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/db2fc255fcf41f536ac8666409849e11659af88d"
},
{
"url": "https://git.kernel.org/stable/c/050b23d081da0f29474de043e9538c1f7a351b3b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/050b23d081da0f29474de043e9538c1f7a351b3b"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

103
2024/56xxx/CVE-2024-56635.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid potential UAF in default_operstate()\n\nsyzbot reported an UAF in default_operstate() [1]\n\nIssue is a race between device and netns dismantles.\n\nAfter calling __rtnl_unlock() from netdev_run_todo(),\nwe can not assume the netns of each device is still alive.\n\nMake sure the device is not in NETREG_UNREGISTERED state,\nand add an ASSERT_RTNL() before the call to\n__dev_get_by_index().\n\nWe might move this ASSERT_RTNL() in __dev_get_by_index()\nin the future.\n\n[1]\n\nBUG: KASAN: slab-use-after-free in __dev_get_by_index+0x5d/0x110 net/core/dev.c:852\nRead of size 8 at addr ffff888043eba1b0 by task syz.0.0/5339\n\nCPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n __dev_get_by_index+0x5d/0x110 net/core/dev.c:852\n default_operstate net/core/link_watch.c:51 [inline]\n rfc2863_policy+0x224/0x300 net/core/link_watch.c:67\n linkwatch_do_dev+0x3e/0x170 net/core/link_watch.c:170\n netdev_run_todo+0x461/0x1000 net/core/dev.c:10894\n rtnl_unlock net/core/rtnetlink.c:152 [inline]\n rtnl_net_unlock include/linux/rtnetlink.h:133 [inline]\n rtnl_dellink+0x760/0x8d0 net/core/rtnetlink.c:3520\n rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2541\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2a3cb80809\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f2a3d9cd058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f2a3cd45fa0 RCX: 00007f2a3cb80809\nRDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008\nRBP: 00007f2a3cbf393e R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f2a3cd45fa0 R15: 00007ffd03bc65c8\n </TASK>\n\nAllocated by task 5339:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kmalloc_array_noprof include/linux/slab.h:945 [inline]\n netdev_create_hash net/core/dev.c:11870 [inline]\n netdev_init+0x10c/0x250 net/core/dev.c:11890\n ops_init+0x31e/0x590 net/core/net_namespace.c:138\n setup_net+0x287/0x9e0 net/core/net_namespace.c:362\n copy_net_ns+0x33f/0x570 net/core/net_namespace.c:500\n create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228\n ksys_unshare+0x57d/0xa70 kernel/fork.c:3314\n __do_sys_unshare kernel/fork.c:3385 [inline]\n __se_sys_unshare kernel/fork.c:3383 [inline]\n __x64_sys_unshare+0x38/0x40 kernel/fork.c:3383\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x8\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8c55facecd7ade835287298ce325f930d888d8ec",
"version_value": "3265aab0736f78bb218200b06b1abb525c316269"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3265aab0736f78bb218200b06b1abb525c316269",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3265aab0736f78bb218200b06b1abb525c316269"
},
{
"url": "https://git.kernel.org/stable/c/316183d58319f191e16503bc2dffa156c4442df2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/316183d58319f191e16503bc2dffa156c4442df2"
},
{
"url": "https://git.kernel.org/stable/c/750e51603395e755537da08f745864c93e3ce741",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/750e51603395e755537da08f745864c93e3ce741"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

136
2024/56xxx/CVE-2024-56636.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: do not assume mac header is set in geneve_xmit_skb()\n\nWe should not assume mac header is set in output path.\n\nUse skb_eth_hdr() instead of eth_hdr() to fix the issue.\n\nsysbot reported the following :\n\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 skb_mac_header include/linux/skbuff.h:3052 [inline]\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 eth_hdr include/linux/if_ether.h:24 [inline]\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit_skb drivers/net/geneve.c:898 [inline]\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039\nModules linked in:\nCPU: 0 UID: 0 PID: 11635 Comm: syz.4.1423 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_mac_header include/linux/skbuff.h:3052 [inline]\n RIP: 0010:eth_hdr include/linux/if_ether.h:24 [inline]\n RIP: 0010:geneve_xmit_skb drivers/net/geneve.c:898 [inline]\n RIP: 0010:geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039\nCode: 21 c6 02 e9 35 d4 ff ff e8 a5 48 4c fb 90 0f 0b 90 e9 fd f5 ff ff e8 97 48 4c fb 90 0f 0b 90 e9 d8 f5 ff ff e8 89 48 4c fb 90 <0f> 0b 90 e9 41 e4 ff ff e8 7b 48 4c fb 90 0f 0b 90 e9 cd e7 ff ff\nRSP: 0018:ffffc90003b2f870 EFLAGS: 00010283\nRAX: 000000000000037a RBX: 000000000000ffff RCX: ffffc9000dc3d000\nRDX: 0000000000080000 RSI: ffffffff86428417 RDI: 0000000000000003\nRBP: ffffc90003b2f9f0 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff88806603c000\nR13: 0000000000000000 R14: ffff8880685b2780 R15: 0000000000000e23\nFS: 00007fdc2deed6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b30a1dff8 CR3: 0000000056b8c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n __dev_direct_xmit+0x58a/0x720 net/core/dev.c:4490\n dev_direct_xmit include/linux/netdevice.h:3181 [inline]\n packet_xmit+0x1e4/0x360 net/packet/af_packet.c:285\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x2700/0x5660 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg net/socket.c:726 [inline]\n __sys_sendto+0x488/0x4f0 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2200\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a025fb5f49ad38cf749753b16fcd031d0d678f2b",
"version_value": "d9fa09ca004befe9cf826d6820439cb6f93cecd7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d9fa09ca004befe9cf826d6820439cb6f93cecd7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d9fa09ca004befe9cf826d6820439cb6f93cecd7"
},
{
"url": "https://git.kernel.org/stable/c/b65958284401016b983078c68f70b047537f4aba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b65958284401016b983078c68f70b047537f4aba"
},
{
"url": "https://git.kernel.org/stable/c/2ee7bdc7cb40abfe658a71fbd10c7db2f4fc4f9a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ee7bdc7cb40abfe658a71fbd10c7db2f4fc4f9a"
},
{
"url": "https://git.kernel.org/stable/c/97ce3a4ec55eac6b5e2949ffb04028d604afda3b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/97ce3a4ec55eac6b5e2949ffb04028d604afda3b"
},
{
"url": "https://git.kernel.org/stable/c/177b72ed7c77b11e46dd4336d73a87a77a5603af",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/177b72ed7c77b11e46dd4336d73a87a77a5603af"
},
{
"url": "https://git.kernel.org/stable/c/8588c99c7d47448fcae39e3227d6e2bb97aad86d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8588c99c7d47448fcae39e3227d6e2bb97aad86d"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}