admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-29 03:27:25 +00:00
parent 04f75bcfb3
commit 83679bb6dd
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
13 changed files with 1663 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
2024/56xxx/CVE-2024-56690.json
View File

@ -1,18 +1,209 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY\n\nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for\nPADATA_RESET\"), the pcrypt encryption and decryption operations return\n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is\ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns\n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.\nFix this issue by calling crypto layer directly without parallelization\nin that case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "039fec48e062504f14845124a1a25eb199b2ddc0",
"version_value": "dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6"
},
{
"version_affected": "<",
"version_name": "c9c1334697301c10e6918d747ed38abfbc0c96e7",
"version_value": "fca8aed12218f96b38e374ff264d78ea1fbd23cc"
},
{
"version_affected": "<",
"version_name": "e97bf4ada7dddacd184c3e196bd063b0dc71b41d",
"version_value": "a92ccd3618e42333ac6f150ecdac14dca298bc7a"
},
{
"version_affected": "<",
"version_name": "546c1796ad1ed0d87dab3c4b5156d75819be2316",
"version_value": "96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca"
},
{
"version_affected": "<",
"version_name": "c55fc098fd9d2dca475b82d00ffbcaf97879d77e",
"version_value": "92834692a539b5b7f409e467a14667d64713b732"
},
{
"version_affected": "<",
"version_name": "372636debe852913529b1716f44addd94fff2d28",
"version_value": "5edae7a9a35606017ee6e05911c290acee9fee5a"
},
{
"version_affected": "<",
"version_name": "8f4f68e788c3a7a696546291258bfa5fdb215523",
"version_value": "a8e0074ffb38c9a5964a221bb998034d016c93a2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.325",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6"
},
{
"url": "https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc"
},
{
"url": "https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a"
},
{
"url": "https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca"
},
{
"url": "https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732"
},
{
"url": "https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a"
},
{
"url": "https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2"
},
{
"url": "https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f"
},
{
"url": "https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

158
2024/56xxx/CVE-2024-56691.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device\n\nWhile design wise the idea of converting the driver to use\nthe hierarchy of the IRQ chips is correct, the implementation\nhas (inherited) flaws. This was unveiled when platform_get_irq()\nhad started WARN() on IRQ 0 that is supposed to be a Linux\nIRQ number (also known as vIRQ).\n\nRework the driver to respect IRQ domain when creating each MFD\ndevice separately, as the domain is not the same for all of them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9c6235c8633210cc2da0882e2e9d6ff90aa37503",
"version_value": "0997e77c51330c2866a4f39480e762cca92ad953"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0997e77c51330c2866a4f39480e762cca92ad953",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0997e77c51330c2866a4f39480e762cca92ad953"
},
{
"url": "https://git.kernel.org/stable/c/0b648968bfa4f5c9c4983bca9f2de17626ed6fb6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b648968bfa4f5c9c4983bca9f2de17626ed6fb6"
},
{
"url": "https://git.kernel.org/stable/c/23230ac3c5ca3f154b64849d1cf50583b4e6b98c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/23230ac3c5ca3f154b64849d1cf50583b4e6b98c"
},
{
"url": "https://git.kernel.org/stable/c/c310e6916c0b297011d0fec03f168a6b24e9e984",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c310e6916c0b297011d0fec03f168a6b24e9e984"
},
{
"url": "https://git.kernel.org/stable/c/e1ef62e8d262e3f27446d26742208c1c81e9ee18",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e1ef62e8d262e3f27446d26742208c1c81e9ee18"
},
{
"url": "https://git.kernel.org/stable/c/518e414d24e7037d6cc7198e942bf47fe6f5e8e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/518e414d24e7037d6cc7198e942bf47fe6f5e8e1"
},
{
"url": "https://git.kernel.org/stable/c/87a07a5b0b296e489c606ca95ffc16c18821975b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/87a07a5b0b296e489c606ca95ffc16c18821975b"
},
{
"url": "https://git.kernel.org/stable/c/686fb77712a4bc94b76a0c5ae74c60118b7a0d79",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/686fb77712a4bc94b76a0c5ae74c60118b7a0d79"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

104
2024/56xxx/CVE-2024-56692.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node blkaddr in truncate_node()\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2534!\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\nCall Trace:\n truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909\n f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288\n f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856\n evict+0x4e8/0x9b0 fs/inode.c:723\n f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986\n f2fs_create+0x357/0x530 fs/f2fs/namei.c:394\n lookup_open fs/namei.c:3595 [inline]\n open_last_lookups fs/namei.c:3694 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3930\n do_filp_open+0x235/0x490 fs/namei.c:3960\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1415\n do_sys_open fs/open.c:1430 [inline]\n __do_sys_openat fs/open.c:1446 [inline]\n __se_sys_openat fs/open.c:1441 [inline]\n __x64_sys_openat+0x247/0x2a0 fs/open.c:1441\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\n\nThe root cause is: on a fuzzed image, blkaddr in nat entry may be\ncorrupted, then it will cause system panic when using it in\nf2fs_invalidate_blocks(), to avoid this, let's add sanity check on\nnat blkaddr in truncate_node()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "27d6e7eff07f8cce8e83b162d8f21a07458c860d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d"
},
{
"url": "https://git.kernel.org/stable/c/c1077078ce4589b5e5387f6b0aaa0d4534b9eb57",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c1077078ce4589b5e5387f6b0aaa0d4534b9eb57"
},
{
"url": "https://git.kernel.org/stable/c/0a5c8b3fbf6200f1c66062d307c9a52084917788",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a5c8b3fbf6200f1c66062d307c9a52084917788"
},
{
"url": "https://git.kernel.org/stable/c/6babe00ccd34fc65b78ef8b99754e32b4385f23d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6babe00ccd34fc65b78ef8b99754e32b4385f23d"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

136
2024/56xxx/CVE-2024-56693.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbrd: defer automatic disk creation until module initialization succeeds\n\nMy colleague Wupeng found the following problems during fault injection:\n\nBUG: unable to handle page fault for address: fffffbfff809d073\nPGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:__asan_load8+0x4c/0xa0\n...\nCall Trace:\n <TASK>\n blkdev_put_whole+0x41/0x70\n bdev_release+0x1a3/0x250\n blkdev_release+0x11/0x20\n __fput+0x1d7/0x4a0\n task_work_run+0xfc/0x180\n syscall_exit_to_user_mode+0x1de/0x1f0\n do_syscall_64+0x6b/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nloop_init() is calling loop_add() after __register_blkdev() succeeds and\nis ignoring disk_add() failure from loop_add(), for loop_add() failure\nis not fatal and successfully created disks are already visible to\nbdev_open().\n\nbrd_init() is currently calling brd_alloc() before __register_blkdev()\nsucceeds and is releasing successfully created disks when brd_init()\nreturns an error. This can cause UAF for the latter two case:\n\ncase 1:\n T1:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n add_disk\n disk_scan_partitions\n bdev_file_open_by_dev // alloc file\n fput // won't free until back to userspace\n brd_alloc(1) // failed since mem alloc error inject\n // error path for modprobe will release code segment\n // back to userspace\n __fput\n blkdev_release\n bdev_release\n blkdev_put_whole\n bdev->bd_disk->fops->release // fops is freed now, UAF!\n\ncase 2:\n T1: T2:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n open(/dev/ram0)\n brd_alloc(1) // fail\n // error path for modprobe\n\n close(/dev/ram0)\n ...\n /* UAF! */\n bdev->bd_disk->fops->release\n\nFix this problem by following what loop_init() does. Besides,\nreintroduce brd_devices_mutex to help serialize modifications to\nbrd_list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7f9b348cb5e94259acdcbafbcaed55d3bb515304",
"version_value": "41219c147df8bbd6591f59af5d695fb6c9a1cbff"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/41219c147df8bbd6591f59af5d695fb6c9a1cbff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/41219c147df8bbd6591f59af5d695fb6c9a1cbff"
},
{
"url": "https://git.kernel.org/stable/c/259bf925583ec9e3781df778cadf00594095090d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/259bf925583ec9e3781df778cadf00594095090d"
},
{
"url": "https://git.kernel.org/stable/c/410896624db639500f24f46478b4bfa05c76bf56",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/410896624db639500f24f46478b4bfa05c76bf56"
},
{
"url": "https://git.kernel.org/stable/c/c0c2744cd2939ec5999c51dbaf2af16886548b7b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c0c2744cd2939ec5999c51dbaf2af16886548b7b"
},
{
"url": "https://git.kernel.org/stable/c/63dfd728b30f79495dacc886127695a379805152",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/63dfd728b30f79495dacc886127695a379805152"
},
{
"url": "https://git.kernel.org/stable/c/826cc42adf44930a633d11a5993676d85ddb0842",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/826cc42adf44930a633d11a5993676d85ddb0842"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

151
2024/56xxx/CVE-2024-56694.json
View File

@ -1,18 +1,161 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56694",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n'''\nsk_psock_strp_data_ready\n write_lock_bh(&sk->sk_callback_lock)\n strp_data_ready\n strp_read_sock\n read_sock -> tcp_read_sock\n strp_recv\n cb.rcv_msg -> sk_psock_strp_read\n # now stream_verdict return SK_PASS without peer sock assign\n __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n sk_psock_verdict_apply\n sk_psock_skb_ingress_self\n sk_psock_skb_ingress_enqueue\n sk_psock_data_ready\n read_lock_bh(&sk->sk_callback_lock) <= dead lock\n\n'''\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5965bc7535fb87510b724e5465ccc1a1cf00916d",
"version_value": "6694f7acd625ed854bf6342926e771d65dad7f69"
},
{
"version_affected": "<",
"version_name": "39dc9e1442385d6e9be0b6491ee488dddd55ae27",
"version_value": "386efa339e08563dd33e83bc951aea5d407fe578"
},
{
"version_affected": "<",
"version_name": "b397a0ab8582c533ec0c6b732392f141fc364f87",
"version_value": "da2bc8a0c8f3ac66fdf980fc59936f851a083561"
},
{
"version_affected": "<",
"version_name": "6648e613226e18897231ab5e42ffc29e63fa3365",
"version_value": "01f1b88acfd79103da0610b45471f6c88ea98d72"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69"
},
{
"url": "https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578"
},
{
"url": "https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561"
},
{
"url": "https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72"
},
{
"url": "https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05"
},
{
"url": "https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

92
2024/56xxx/CVE-2024-56695.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'\n\nThe `kfd_get_cu_occupancy` function previously declared a large\n`cu_occupancy` array as a local variable, which could lead to stack\noverflows due to excessive stack usage. This commit replaces the static\narray allocation with dynamic memory allocation using `kcalloc`,\nthereby reducing the stack size.\n\nThis change avoids the risk of stack overflows in kernel space, in\nscenarios where `AMDGPU_MAX_QUEUES` is large. The allocated memory is\nfreed using `kfree` before the function returns to prevent memory\nleaks.\n\nFixes the below with gcc W=1:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c: In function \u2018kfd_get_cu_occupancy\u2019:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c:322:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=]\n 322 | }\n | ^"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6ae9e1aba97e4cdaa31a0bfdc07497ad0e915c84",
"version_value": "6d9f07196389f35a3afebcf1a12c1425725caddd"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6d9f07196389f35a3afebcf1a12c1425725caddd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6d9f07196389f35a3afebcf1a12c1425725caddd"
},
{
"url": "https://git.kernel.org/stable/c/922f0e00017b09d9d47e3efac008c8b20ed546a0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/922f0e00017b09d9d47e3efac008c8b20ed546a0"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

103
2024/56xxx/CVE-2024-56696.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd NULL checks for all the kunit_kzalloc() in sound_kunit.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3e39acf56ededdebd1033349a16b704839b94b28",
"version_value": "f5486bf8abfe778b368d8fd1aa655dc01d0013ca"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f5486bf8abfe778b368d8fd1aa655dc01d0013ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f5486bf8abfe778b368d8fd1aa655dc01d0013ca"
},
{
"url": "https://git.kernel.org/stable/c/8bfff486ecc79a72e9380e2d5e0ff234d5542d2f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8bfff486ecc79a72e9380e2d5e0ff234d5542d2f"
},
{
"url": "https://git.kernel.org/stable/c/9ad467a2b2716d4ed12f003b041aa6c776a13ff5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9ad467a2b2716d4ed12f003b041aa6c776a13ff5"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

103
2024/56xxx/CVE-2024-56697.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56697",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()\n\nFix two issues with memory allocation in amdgpu_discovery_get_nps_info()\nfor mem_ranges:\n\n - Add a check for allocation failure to avoid dereferencing a null\n pointer.\n\n - As suggested by Christophe, use kvcalloc() for memory allocation,\n which checks for multiplication overflow.\n\nAdditionally, assign the output parameters nps_type and range_cnt after\nthe kvcalloc() call to prevent modifying the output parameters in case\nof an error return."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b194d21b9bcc15b50df1bc3ff7428e51c2918a6f",
"version_value": "d14bea4e094871226ea69772d69dab8b7b5f4915"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d14bea4e094871226ea69772d69dab8b7b5f4915",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d14bea4e094871226ea69772d69dab8b7b5f4915"
},
{
"url": "https://git.kernel.org/stable/c/e8f1dbaa0437eba4e8c1d6a6d81eca2e2ce3d197",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e8f1dbaa0437eba4e8c1d6a6d81eca2e2ce3d197"
},
{
"url": "https://git.kernel.org/stable/c/a1144da794adedb9447437c57d69add56494309d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a1144da794adedb9447437c57d69add56494309d"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

147
2024/56xxx/CVE-2024-56698.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix looping of queued SG entries\n\nThe dwc3_request->num_queued_sgs is decremented on completion. If a\npartially completed request is handled, then the\ndwc3_request->num_queued_sgs no longer reflects the total number of\nnum_queued_sgs (it would be cleared).\n\nCorrectly check the number of request SG entries remained to be prepare\nand queued. Failure to do this may cause null pointer dereference when\naccessing non-existent SG entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c96e6725db9d6a04ac1bee881e3034b636d9f71c",
"version_value": "8ceb21d76426bbe7072cc3e43281e70c0d664cc7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.18",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7"
},
{
"url": "https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28"
},
{
"url": "https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9"
},
{
"url": "https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627"
},
{
"url": "https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec"
},
{
"url": "https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859"
},
{
"url": "https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

103
2024/56xxx/CVE-2024-56699.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56699",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix potential double remove of hotplug slot\n\nIn commit 6ee600bfbe0f (\"s390/pci: remove hotplug slot when releasing the\ndevice\") the zpci_exit_slot() was moved from zpci_device_reserved() to\nzpci_release_device() with the intention of keeping the hotplug slot\naround until the device is actually removed.\n\nNow zpci_release_device() is only called once all references are\ndropped. Since the zPCI subsystem only drops its reference once the\ndevice is in the reserved state it follows that zpci_release_device()\nmust only deal with devices in the reserved state. Despite that it\ncontains code to tear down from both configured and standby state. For\nthe standby case this already includes the removal of the hotplug slot\nso would cause a double removal if a device was ever removed in\neither configured or standby state.\n\nInstead of causing a potential double removal in a case that should\nnever happen explicitly WARN_ON() if a device in non-reserved state is\nreleased and get rid of the dead code cases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6ee600bfbe0f818ffb7748d99e9b0c89d0d9f02a",
"version_value": "c1489651071ab1be46d2af1da8adb15c9fc3c069"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c1489651071ab1be46d2af1da8adb15c9fc3c069",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c1489651071ab1be46d2af1da8adb15c9fc3c069"
},
{
"url": "https://git.kernel.org/stable/c/371bd905599d18da62d75e3974acbf6a41e315c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/371bd905599d18da62d75e3974acbf6a41e315c7"
},
{
"url": "https://git.kernel.org/stable/c/c4a585e952ca403a370586d3f16e8331a7564901",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c4a585e952ca403a370586d3f16e8331a7564901"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

169
2024/56xxx/CVE-2024-56700.json
View File

@ -1,18 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: wl128x: Fix atomicity violation in fmc_send_cmd()\n\nAtomicity violation occurs when the fmc_send_cmd() function is executed\nsimultaneously with the modification of the fmdev->resp_skb value.\nConsider a scenario where, after passing the validity check within the\nfunction, a non-null fmdev->resp_skb variable is assigned a null value.\nThis results in an invalid fmdev->resp_skb variable passing the validity\ncheck. As seen in the later part of the function, skb = fmdev->resp_skb;\nwhen the invalid fmdev->resp_skb passes the check, a null pointer\ndereference error may occur at line 478, evt_hdr = (void *)skb->data;\n\nTo address this issue, it is recommended to include the validity check of\nfmdev->resp_skb within the locked section of the function. This\nmodification ensures that the value of fmdev->resp_skb does not change\nduring the validation process, thereby maintaining its validity.\n\nThis possible bug is found by an experimental static analysis tool\ndeveloped by our team. This tool analyzes the locking APIs\nto extract function pairs that can be concurrently executed, and then\nanalyzes the instructions in the paired functions to identify possible\nconcurrency bugs including data races and atomicity violations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6",
"version_value": "d16109c9fdc1b8cea4fe63b42e06e926c3f68990"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.39",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.39",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.325",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990"
},
{
"url": "https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e"
},
{
"url": "https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9"
},
{
"url": "https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141"
},
{
"url": "https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4"
},
{
"url": "https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8"
},
{
"url": "https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269"
},
{
"url": "https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10"
},
{
"url": "https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

147
2024/56xxx/CVE-2024-56701.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix dtl_access_lock to be a rw_semaphore\n\nThe dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because\nthe code calls kmalloc() while holding it, which can sleep:\n\n # echo 1 > /proc/powerpc/vcpudispatch_stats\n BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh\n preempt_count: 1, expected: 0\n 3 locks held by sh/199:\n #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438\n #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4\n #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4\n CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152\n Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries\n Call Trace:\n dump_stack_lvl+0x130/0x148 (unreliable)\n __might_resched+0x174/0x410\n kmem_cache_alloc_noprof+0x340/0x3d0\n alloc_dtl_buffers+0x124/0x1ac\n vcpudispatch_stats_write+0x2a8/0x5f4\n proc_reg_write+0xf4/0x150\n vfs_write+0xfc/0x438\n ksys_write+0x88/0x148\n system_call_exception+0x1c4/0x5a0\n system_call_common+0xf4/0x258"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "06220d78f24a20549757be1014e57c382406cc92",
"version_value": "6956c0e7346ce1bbfc726755aa8da10d26e84276"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6956c0e7346ce1bbfc726755aa8da10d26e84276",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6956c0e7346ce1bbfc726755aa8da10d26e84276"
},
{
"url": "https://git.kernel.org/stable/c/f6ec133668757f84e5143f1eb141fd0b83778b9e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6ec133668757f84e5143f1eb141fd0b83778b9e"
},
{
"url": "https://git.kernel.org/stable/c/fa5b5ea257135e771b489c83a2e93b5935d0108e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa5b5ea257135e771b489c83a2e93b5935d0108e"
},
{
"url": "https://git.kernel.org/stable/c/a246daa26b717e755ccc9061f47f7cd1c0b358dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a246daa26b717e755ccc9061f47f7cd1c0b358dd"
},
{
"url": "https://git.kernel.org/stable/c/b125d0cf1adde7b2b47d7337fed7e9133eea3463",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b125d0cf1adde7b2b47d7337fed7e9133eea3463"
},
{
"url": "https://git.kernel.org/stable/c/525e18f1ba7c2b098c8ba587fb397efb34a6574c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/525e18f1ba7c2b098c8ba587fb397efb34a6574c"
},
{
"url": "https://git.kernel.org/stable/c/cadae3a45d23aa4f6485938a67cbc47aaaa25e38",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cadae3a45d23aa4f6485938a67cbc47aaaa25e38"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

103
2024/56xxx/CVE-2024-56702.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier's knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don't do this when ref_obj_id > 0, as in\nthat case this is an acquired object and doesn't need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon't regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3f00c52393445ed49aadc1a567aa502c6333b1a1",
"version_value": "c9b91d2d54175f781ad2c361cb2ac2c0e29b14b6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c9b91d2d54175f781ad2c361cb2ac2c0e29b14b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c9b91d2d54175f781ad2c361cb2ac2c0e29b14b6"
},
{
"url": "https://git.kernel.org/stable/c/3634d4a310820567fc634bf8f1ee2b91378773e8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3634d4a310820567fc634bf8f1ee2b91378773e8"
},
{
"url": "https://git.kernel.org/stable/c/cb4158ce8ec8a5bb528cc1693356a5eb8058094d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cb4158ce8ec8a5bb528cc1693356a5eb8058094d"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}