admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-02 16:03:34 +00:00
parent 8a27f22342
commit 82eae9fe6f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 869 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2023/53xxx/CVE-2023-53138.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-53138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: caif: Fix use-after-free in cfusbl_device_notify()\n\nsyzbot reported use-after-free in cfusbl_device_notify() [1]. This\ncauses a stack trace like below:\n\nBUG: KASAN: use-after-free in cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138\nRead of size 8 at addr ffff88807ac4e6f0 by task kworker/u4:6/1214\n\nCPU: 0 PID: 1214 Comm: kworker/u4:6 Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0xeb/0x467 mm/kasan/report.c:313\n print_report mm/kasan/report.c:429 [inline]\n kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491\n cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138\n notifier_call_chain+0xb5/0x200 kernel/notifier.c:87\n call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1945\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10227 [inline]\n netdev_run_todo+0xbc0/0x10f0 net/core/dev.c:10341\n default_device_exit_batch+0x44e/0x590 net/core/dev.c:11334\n ops_exit_list+0x125/0x170 net/core/net_namespace.c:167\n cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594\n process_one_work+0x996/0x1610 kernel/workqueue.c:2289\n worker_thread+0x665/0x1080 kernel/workqueue.c:2436\n kthread+0x2e9/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302\n </TASK>\n\nWhen unregistering a net device, unregister_netdevice_many_notify()\nsets the device's reg_state to NETREG_UNREGISTERING, calls notifiers\nwith NETDEV_UNREGISTER, and adds the device to the todo list.\n\nLater on, devices in the todo list are processed by netdev_run_todo().\nnetdev_run_todo() waits devices' reference count become 1 while\nrebdoadcasting NETDEV_UNREGISTER notification.\n\nWhen cfusbl_device_notify() is called with NETDEV_UNREGISTER multiple\ntimes, the parent device might be freed. This could cause UAF.\nProcessing NETDEV_UNREGISTER multiple times also causes inbalance of\nreference count for the module.\n\nThis patch fixes the issue by accepting only first NETDEV_UNREGISTER\nnotification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7ad65bf68d705b445ef10b77ab50dab22be185ee",
"version_value": "68a45c3cf0e2242a533657f4f535d9b6a7447a79"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.310",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.278",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.237",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.175",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.103",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.20",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.2.7",
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/68a45c3cf0e2242a533657f4f535d9b6a7447a79",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/68a45c3cf0e2242a533657f4f535d9b6a7447a79"
},
{
"url": "https://git.kernel.org/stable/c/1793da97a23e31c5bf06631f3f3e5a25f368fd64",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1793da97a23e31c5bf06631f3f3e5a25f368fd64"
},
{
"url": "https://git.kernel.org/stable/c/9dc16be373b382ddd4c274052a6e870a95e76c01",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9dc16be373b382ddd4c274052a6e870a95e76c01"
},
{
"url": "https://git.kernel.org/stable/c/c3aaec463a632cf4187dc017e421bfa69d7834a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3aaec463a632cf4187dc017e421bfa69d7834a9"
},
{
"url": "https://git.kernel.org/stable/c/3f14457e1584224f4296af613bbd99deb60b5d91",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f14457e1584224f4296af613bbd99deb60b5d91"
},
{
"url": "https://git.kernel.org/stable/c/287027d8a567168a5d8ce5cb0cba16a34791a48c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/287027d8a567168a5d8ce5cb0cba16a34791a48c"
},
{
"url": "https://git.kernel.org/stable/c/d1a11bbdbb5ea9f172019c5a4a3e9d8eabd72179",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d1a11bbdbb5ea9f172019c5a4a3e9d8eabd72179"
},
{
"url": "https://git.kernel.org/stable/c/9781e98a97110f5e76999058368b4be76a788484",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9781e98a97110f5e76999058368b4be76a788484"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2023/53xxx/CVE-2023-53139.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-53139",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties\n\ndevm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause\nout-of-bounds write in device_property_read_u8_array later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a06347c04c13e380afce0c9816df51f00b83faf1",
"version_value": "ad11b872bc9b5d27e56183c6b01f9218c85395d2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.310",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.278",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.237",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.175",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.103",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.20",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.2.7",
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ad11b872bc9b5d27e56183c6b01f9218c85395d2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad11b872bc9b5d27e56183c6b01f9218c85395d2"
},
{
"url": "https://git.kernel.org/stable/c/98f49e693e02c1dafd5786be3468657840dd6f06",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/98f49e693e02c1dafd5786be3468657840dd6f06"
},
{
"url": "https://git.kernel.org/stable/c/0a3664a1058d4b2b1ea2112cc275ca47fba7fc08",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a3664a1058d4b2b1ea2112cc275ca47fba7fc08"
},
{
"url": "https://git.kernel.org/stable/c/80be62358fa5507cefbaa067c7e6648401f2c3da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/80be62358fa5507cefbaa067c7e6648401f2c3da"
},
{
"url": "https://git.kernel.org/stable/c/4357bbb921fe9e81d0fd9f70d669d1f177d8380e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4357bbb921fe9e81d0fd9f70d669d1f177d8380e"
},
{
"url": "https://git.kernel.org/stable/c/ce93f1afc05941a572f5a69e2ed4012af905a693",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ce93f1afc05941a572f5a69e2ed4012af905a693"
},
{
"url": "https://git.kernel.org/stable/c/27824b2f98818215adc9661e563252c48dab1a13",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27824b2f98818215adc9661e563252c48dab1a13"
},
{
"url": "https://git.kernel.org/stable/c/11f180a5d62a51b484e9648f9b310e1bd50b1a57",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/11f180a5d62a51b484e9648f9b310e1bd50b1a57"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

147
2023/53xxx/CVE-2023-53140.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-53140",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Remove the /proc/scsi/${proc_name} directory earlier\n\nRemove the /proc/scsi/${proc_name} directory earlier to fix a race\ncondition between unloading and reloading kernel modules. This fixes a bug\nintroduced in 2009 by commit 77c019768f06 (\"[SCSI] fix /proc memory leak in\nthe SCSI core\").\n\nFix the following kernel warning:\n\nproc_dir_entry 'scsi/scsi_debug' already registered\nWARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_register+0x27d/0x2e0\nCall Trace:\n proc_mkdir+0xb5/0xe0\n scsi_proc_hostdir_add+0xb5/0x170\n scsi_host_alloc+0x683/0x6c0\n sdebug_driver_probe+0x6b/0x2d0 [scsi_debug]\n really_probe+0x159/0x540\n __driver_probe_device+0xdc/0x230\n driver_probe_device+0x4f/0x120\n __device_attach_driver+0xef/0x180\n bus_for_each_drv+0xe5/0x130\n __device_attach+0x127/0x290\n device_initial_probe+0x17/0x20\n bus_probe_device+0x110/0x130\n device_add+0x673/0xc80\n device_register+0x1e/0x30\n sdebug_add_host_helper+0x1a7/0x3b0 [scsi_debug]\n scsi_debug_init+0x64f/0x1000 [scsi_debug]\n do_one_initcall+0xd7/0x470\n do_init_module+0xe7/0x330\n load_module+0x122a/0x12c0\n __do_sys_finit_module+0x124/0x1a0\n __x64_sys_finit_module+0x46/0x50\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "77c019768f0607c36e25bec11ce3e1eabef09277",
"version_value": "13daafe1e209b03e9bda16ff2bd2b2da145a139b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.30",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.30",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.278",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.237",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.175",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.103",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.20",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.2.7",
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/13daafe1e209b03e9bda16ff2bd2b2da145a139b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/13daafe1e209b03e9bda16ff2bd2b2da145a139b"
},
{
"url": "https://git.kernel.org/stable/c/891a3cba425cf483d96facca55aebd6ff1da4338",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/891a3cba425cf483d96facca55aebd6ff1da4338"
},
{
"url": "https://git.kernel.org/stable/c/6b223e32d66ca9db1f252f433514783d8b22a8e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6b223e32d66ca9db1f252f433514783d8b22a8e1"
},
{
"url": "https://git.kernel.org/stable/c/e471e928de97b00f297ad1015cc14f9459765713",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e471e928de97b00f297ad1015cc14f9459765713"
},
{
"url": "https://git.kernel.org/stable/c/17e98a5ede81b7696bec421f7afa2dfe467f5e6b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17e98a5ede81b7696bec421f7afa2dfe467f5e6b"
},
{
"url": "https://git.kernel.org/stable/c/1ec363599f8346d5a8d08c71a0d9860d6c420ec0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ec363599f8346d5a8d08c71a0d9860d6c420ec0"
},
{
"url": "https://git.kernel.org/stable/c/fc663711b94468f4e1427ebe289c9f05669699c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc663711b94468f4e1427ebe289c9f05669699c9"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2023/53xxx/CVE-2023-53141.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-53141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()\n\nila_xlat_nl_cmd_get_mapping() generates an empty skb,\ntriggerring a recent sanity check [1].\n\nInstead, return an error code, so that user space\ncan get it.\n\n[1]\nskb_assert_len\nWARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline]\nWARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nModules linked in:\nCPU: 0 PID: 5923 Comm: syz-executor269 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : skb_assert_len include/linux/skbuff.h:2527 [inline]\npc : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nlr : skb_assert_len include/linux/skbuff.h:2527 [inline]\nlr : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nsp : ffff80001e0d6c40\nx29: ffff80001e0d6e60 x28: dfff800000000000 x27: ffff0000c86328c0\nx26: dfff800000000000 x25: ffff0000c8632990 x24: ffff0000c8632a00\nx23: 0000000000000000 x22: 1fffe000190c6542 x21: ffff0000c8632a10\nx20: ffff0000c8632a00 x19: ffff80001856e000 x18: ffff80001e0d5fc0\nx17: 0000000000000000 x16: ffff80001235d16c x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001\nx11: ff80800008353a30 x10: 0000000000000000 x9 : 21567eaf25bfb600\nx8 : 21567eaf25bfb600 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff80001e0d6558 x4 : ffff800015c74760 x3 : ffff800008596744\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000000e\nCall trace:\nskb_assert_len include/linux/skbuff.h:2527 [inline]\n__dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\ndev_queue_xmit include/linux/netdevice.h:3033 [inline]\n__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]\n__netlink_deliver_tap+0x45c/0x6f8 net/netlink/af_netlink.c:325\nnetlink_deliver_tap+0xf4/0x174 net/netlink/af_netlink.c:338\n__netlink_sendskb net/netlink/af_netlink.c:1283 [inline]\nnetlink_sendskb+0x6c/0x154 net/netlink/af_netlink.c:1292\nnetlink_unicast+0x334/0x8d4 net/netlink/af_netlink.c:1380\nnlmsg_unicast include/net/netlink.h:1099 [inline]\ngenlmsg_unicast include/net/genetlink.h:433 [inline]\ngenlmsg_reply include/net/genetlink.h:443 [inline]\nila_xlat_nl_cmd_get_mapping+0x620/0x7d0 net/ipv6/ila/ila_xlat.c:493\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]\ngenl_rcv_msg+0x938/0xc1c net/netlink/genetlink.c:1065\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2574\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1076\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x800/0xae0 net/netlink/af_netlink.c:1942\nsock_sendmsg_nosec net/socket.c:714 [inline]\nsock_sendmsg net/socket.c:734 [inline]\n____sys_sendmsg+0x558/0x844 net/socket.c:2479\n___sys_sendmsg net/socket.c:2533 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2562\n__do_sys_sendmsg net/socket.c:2571 [inline]\n__se_sys_sendmsg net/socket.c:2569 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2569\n__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\ninvoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52\nel0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142\ndo_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193\nel0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637\nel0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nirq event stamp: 136484\nhardirqs last enabled at (136483): [<ffff800008350244>] __up_console_sem+0x60/0xb4 kernel/printk/printk.c:345\nhardirqs last disabled at (136484): [<ffff800012358d60>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405\nsoftirqs last enabled at (136418): [<ffff800008020ea8>] softirq_ha\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
"version_value": "b26bc5861505f04dea933ca3e522772b20fa086f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.310",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.278",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.237",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.175",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.103",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.20",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.2.7",
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b26bc5861505f04dea933ca3e522772b20fa086f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b26bc5861505f04dea933ca3e522772b20fa086f"
},
{
"url": "https://git.kernel.org/stable/c/c631e52aea0fc8d4deea06e439f5810a8b40ad0f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c631e52aea0fc8d4deea06e439f5810a8b40ad0f"
},
{
"url": "https://git.kernel.org/stable/c/783f218940b3c7b872e4111d0145000f26ecbdf6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/783f218940b3c7b872e4111d0145000f26ecbdf6"
},
{
"url": "https://git.kernel.org/stable/c/42d9ed4e5dc5f87fbd67c232e2e4a9b88ceeb47f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42d9ed4e5dc5f87fbd67c232e2e4a9b88ceeb47f"
},
{
"url": "https://git.kernel.org/stable/c/91aceb3844d4aec555c7f423f9fd843eff5835e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/91aceb3844d4aec555c7f423f9fd843eff5835e9"
},
{
"url": "https://git.kernel.org/stable/c/25b54f247ea060aeb85ec88a82c75060fca03521",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/25b54f247ea060aeb85ec88a82c75060fca03521"
},
{
"url": "https://git.kernel.org/stable/c/60fe7cb483c8c5dcadaeeac867251d6e59c7badc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/60fe7cb483c8c5dcadaeeac867251d6e59c7badc"
},
{
"url": "https://git.kernel.org/stable/c/693aa2c0d9b6d5b1f2745d31b6e70d09dbbaf06e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/693aa2c0d9b6d5b1f2745d31b6e70d09dbbaf06e"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2023/53xxx/CVE-2023-53142.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-53142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: copy last block omitted in ice_get_module_eeprom()\n\nice_get_module_eeprom() is broken since commit e9c9692c8a81 (\"ice:\nReimplement module reads used by ethtool\") In this refactor,\nice_get_module_eeprom() reads the eeprom in blocks of size 8.\nBut the condition that should protect the buffer overflow\nignores the last block. The last block always contains zeros.\n\nBug uncovered by ethtool upstream commit 9538f384b535\n(\"netlink: eeprom: Defer page requests to individual parsers\")\nAfter this commit, ethtool reads a block with length = 1;\nto read the SFF-8024 identifier value.\n\nunpatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 00 00 00 00 00 00\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 00 00 00 00\n$\n\n$ ethtool -m enp65s0f0np0\nOffset Values\n------ ------\n0x0000: 11 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 00\n0x0070: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\npatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 61 6e 6f 78\n$ ethtool -m enp65s0f0np0\n Identifier : 0x11 (QSFP28)\n Extended identifier : 0x00\n Extended identifier description : 1.5W max. Power consumption\n Extended identifier description : No CDR in TX, No CDR in RX\n Extended identifier description : High Power Class (> 3.5 W) not enabled\n Connector : 0x23 (No separable connector)\n Transceiver codes : 0x88 0x00 0x00 0x00 0x00 0x00 0x00 0x00\n Transceiver type : 40G Ethernet: 40G Base-CR4\n Transceiver type : 25G Ethernet: 25G Base-CR CA-N\n Encoding : 0x05 (64B/66B)\n BR, Nominal : 25500Mbps\n Rate identifier : 0x00\n Length (SMF,km) : 0km\n Length (OM3 50um) : 0m\n Length (OM2 50um) : 0m\n Length (OM1 62.5um) : 0m\n Length (Copper or Active cable) : 1m\n Transmitter technology : 0xa0 (Copper cable unequalized)\n Attenuation at 2.5GHz : 4db\n Attenuation at 5.0GHz : 5db\n Attenuation at 7.0GHz : 7db\n Attenuation at 12.9GHz : 10db\n ........\n ...."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e9c9692c8a81aacf0854f68ab54dc182f8be38e8",
"version_value": "c813f7a3161481483ae2077651b21bc217c419e0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.103",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.20",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.2.7",
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c813f7a3161481483ae2077651b21bc217c419e0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c813f7a3161481483ae2077651b21bc217c419e0"
},
{
"url": "https://git.kernel.org/stable/c/90b40ab29298db3a4879c1d3c4e685184386bce6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90b40ab29298db3a4879c1d3c4e685184386bce6"
},
{
"url": "https://git.kernel.org/stable/c/8cfbdda65588e75bfbd93e5ee847efcb4796ad09",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8cfbdda65588e75bfbd93e5ee847efcb4796ad09"
},
{
"url": "https://git.kernel.org/stable/c/84cba1840e68430325ac133a11be06bfb2f7acd8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/84cba1840e68430325ac133a11be06bfb2f7acd8"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2023/53xxx/CVE-2023-53143.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-53143",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix another off-by-one fsmap error on 1k block filesystems\n\nApparently syzbot figured out that issuing this FSMAP call:\n\nstruct fsmap_head cmd = {\n\t.fmh_count\t= ...;\n\t.fmh_keys\t= {\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t},\n...\n};\nret = ioctl(fd, FS_IOC_GETFSMAP, &cmd);\n\nProduces this crash if the underlying filesystem is a 1k-block ext4\nfilesystem:\n\nkernel BUG at fs/ext4/ext4.h:3331!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 3 PID: 3227965 Comm: xfs_io Tainted: G W O 6.2.0-rc8-achx\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4]\nRSP: 0018:ffffc90007c03998 EFLAGS: 00010246\nRAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000\nRDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11\nRBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400\nR10: ffffc90007c03950 R11: 0000000000000000 R12: 0000000000000001\nR13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398\nFS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0\nCall Trace:\n <TASK>\n ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __x64_sys_ioctl+0x82/0xa0\n do_syscall_64+0x2b/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf20558aff\nRSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff\nRDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003\nRBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010\nR13: 00005625be70d994 R14: 0000000000000800 R15: 0000000000000000\n\nFor GETFSMAP calls, the caller selects a physical block device by\nwriting its block number into fsmap_head.fmh_keys[01].fmr_device.\nTo query mappings for a subrange of the device, the starting byte of the\nrange is written to fsmap_head.fmh_keys[0].fmr_physical and the last\nbyte of the range goes in fsmap_head.fmh_keys[1].fmr_physical.\n\nIOWs, to query what mappings overlap with bytes 3-14 of /dev/sda, you'd\nset the inputs as follows:\n\n\tfmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3},\n\tfmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14},\n\nWhich would return you whatever is mapped in the 12 bytes starting at\nphysical offset 3.\n\nThe crash is due to insufficient range validation of keys[1] in\next4_getfsmap_datadev. On 1k-block filesystems, block 0 is not part of\nthe filesystem, which means that s_first_data_block is nonzero.\next4_get_group_no_and_offset subtracts this quantity from the blocknr\nargument before cracking it into a group number and a block number\nwithin a group. IOWs, block group 0 spans blocks 1-8192 (1-based)\ninstead of 0-8191 (0-based) like what happens with larger blocksizes.\n\nThe net result of this encoding is that blocknr < s_first_data_block is\nnot a valid input to this function. The end_fsb variable is set from\nthe keys that are copied from userspace, which means that in the above\nexample, its value is zero. That leads to an underflow here:\n\n\tblocknr = blocknr - le32_to_cpu(es->s_first_data_block);\n\nThe division then operates on -1:\n\n\toffset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) >>\n\t\tEXT4_SB(sb)->s_cluster_bits;\n\nLeaving an impossibly large group number (2^32-1) in blocknr.\next4_getfsmap_check_keys checked that keys[0\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4a4956249dac0b9b0027949907bff0cd1a9b57fa",
"version_value": "a70b49dc7eee5dbe3775a650ce598e3557ff5475"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.310",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.278",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.237",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.175",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.103",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.20",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.2.7",
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a70b49dc7eee5dbe3775a650ce598e3557ff5475",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a70b49dc7eee5dbe3775a650ce598e3557ff5475"
},
{
"url": "https://git.kernel.org/stable/c/f16054ac1774915160ca4e1c73ff7a269465a1b9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f16054ac1774915160ca4e1c73ff7a269465a1b9"
},
{
"url": "https://git.kernel.org/stable/c/c24f838493792b5e78a3596b4ca96375aa0af4c2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c24f838493792b5e78a3596b4ca96375aa0af4c2"
},
{
"url": "https://git.kernel.org/stable/c/1d2366624b4c19a2ba6baf67fe57f4a1b0f67c05",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1d2366624b4c19a2ba6baf67fe57f4a1b0f67c05"
},
{
"url": "https://git.kernel.org/stable/c/c5d7c31e17224d847a330180ec1b03bf390632b2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c5d7c31e17224d847a330180ec1b03bf390632b2"
},
{
"url": "https://git.kernel.org/stable/c/eb3a695aa71a514f2e7f5778e05faba3733b70a0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eb3a695aa71a514f2e7f5778e05faba3733b70a0"
},
{
"url": "https://git.kernel.org/stable/c/15ebade3266b300da9cd1edce4004fe8fd6a2b88",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15ebade3266b300da9cd1edce4004fe8fd6a2b88"
},
{
"url": "https://git.kernel.org/stable/c/c993799baf9c5861f8df91beb80e1611b12efcbd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c993799baf9c5861f8df91beb80e1611b12efcbd"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}