admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-19 15:00:34 +00:00
parent 99926ad082
commit 8af54bf182
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
62 changed files with 5955 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2021/47xxx/CVE-2021-47573.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47573",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/blkfront: harden blkfront against event channel storms\n\nThe Xen blkfront driver is still vulnerable for an attack via excessive\nnumber of events sent by the backend. Fix that by using lateeoi event\nchannels.\n\nThis is part of XSA-391"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "3e04b9e6aa7d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3e04b9e6aa7d77287e70a400be83060d2b7b2cfe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3e04b9e6aa7d77287e70a400be83060d2b7b2cfe"
},
{
"url": "https://git.kernel.org/stable/c/25898389795bd85d8e1520c0c75c3ad906c17da7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/25898389795bd85d8e1520c0c75c3ad906c17da7"
},
{
"url": "https://git.kernel.org/stable/c/5ac3b68b79c9e964dd6f3cf80ff825518e502b79",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ac3b68b79c9e964dd6f3cf80ff825518e502b79"
},
{
"url": "https://git.kernel.org/stable/c/269d7124bcfad2558d2329d0fe603ca20b20d3f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/269d7124bcfad2558d2329d0fe603ca20b20d3f4"
},
{
"url": "https://git.kernel.org/stable/c/4ed9f5c511ce95cb8db05ff82026ea901f45fd76",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4ed9f5c511ce95cb8db05ff82026ea901f45fd76"
},
{
"url": "https://git.kernel.org/stable/c/8ac3b6ee7c9ff2df7c99624bb1235e2e55623825",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ac3b6ee7c9ff2df7c99624bb1235e2e55623825"
},
{
"url": "https://git.kernel.org/stable/c/caf9b51829a50590b84daea924a0fd62d32bc952",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/caf9b51829a50590b84daea924a0fd62d32bc952"
},
{
"url": "https://git.kernel.org/stable/c/0fd08a34e8e3b67ec9bd8287ac0facf8374b844a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0fd08a34e8e3b67ec9bd8287ac0facf8374b844a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

148
2021/47xxx/CVE-2021-47574.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47574",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: harden netfront against event channel storms\n\nThe Xen netfront driver is still vulnerable for an attack via excessive\nnumber of events sent by the backend. Fix that by using lateeoi event\nchannels.\n\nFor being able to detect the case of no rx responses being added while\nthe carrier is down a new lock is needed in order to update and test\nrsp_cons and the number of seen unconsumed responses atomically.\n\nThis is part of XSA-391\n\n---\nV2:\n- don't eoi irq in case of interface set broken (Jan Beulich)\n- handle carrier off + no new responses added (Jan Beulich)\nV3:\n- add rx_ prefix to rsp_unconsumed (Jan Beulich)\n- correct xennet_set_rx_rsp_cons() spelling (Jan Beulich)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "81900aa7d7a1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/81900aa7d7a130dec4c55b68875e30fb8c9effec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/81900aa7d7a130dec4c55b68875e30fb8c9effec"
},
{
"url": "https://git.kernel.org/stable/c/99120c8230fdd5e8b72a6e4162db9e1c0a61954a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/99120c8230fdd5e8b72a6e4162db9e1c0a61954a"
},
{
"url": "https://git.kernel.org/stable/c/4bf81386e3d6e5083c93d51eff70260bcec091bb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4bf81386e3d6e5083c93d51eff70260bcec091bb"
},
{
"url": "https://git.kernel.org/stable/c/3559ca594f15fcd23ed10c0056d40d71e5dab8e5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3559ca594f15fcd23ed10c0056d40d71e5dab8e5"
},
{
"url": "https://git.kernel.org/stable/c/3e68d099f09c260a7dee28b99af02fe6977a9e66",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3e68d099f09c260a7dee28b99af02fe6977a9e66"
},
{
"url": "https://git.kernel.org/stable/c/d31b3379179d64724d3bbfa87bd4ada94e3237de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d31b3379179d64724d3bbfa87bd4ada94e3237de"
},
{
"url": "https://git.kernel.org/stable/c/a29c8b5226eda52e6d6ff151d9343558ea3ad451",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a29c8b5226eda52e6d6ff151d9343558ea3ad451"
},
{
"url": "https://git.kernel.org/stable/c/b27d47950e481f292c0a5ad57357edb9d95d03ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b27d47950e481f292c0a5ad57357edb9d95d03ba"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

148
2021/47xxx/CVE-2021-47575.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47575",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/console: harden hvc_xen against event channel storms\n\nThe Xen console driver is still vulnerable for an attack via excessive\nnumber of events sent by the backend. Fix that by using a lateeoi event\nchannel.\n\nFor the normal domU initial console this requires the introduction of\nbind_evtchn_to_irq_lateeoi() as there is no xenbus device available\nat the time the event channel is bound to the irq.\n\nAs the decision whether an interrupt was spurious or not requires to\ntest for bytes having been read from the backend, move sending the\nevent into the if statement, as sending an event without having found\nany bytes to be read is making no sense at all.\n\nThis is part of XSA-391\n\n---\nV2:\n- slightly adapt spurious irq detection (Jan Beulich)\nV3:\n- fix spurious irq detection (Jan Beulich)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "c7eaa5082bcc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c7eaa5082bccfc00dfdb500ac6cc86d6f24ca027",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7eaa5082bccfc00dfdb500ac6cc86d6f24ca027"
},
{
"url": "https://git.kernel.org/stable/c/728389c21176b2095fa58e858d5ef1d2f2aac429",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/728389c21176b2095fa58e858d5ef1d2f2aac429"
},
{
"url": "https://git.kernel.org/stable/c/68b78f976ca47d52c03c41eded207a312e46b934",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/68b78f976ca47d52c03c41eded207a312e46b934"
},
{
"url": "https://git.kernel.org/stable/c/57e46acb3b48ea4e8efb1e1bea2e89e0c6cc43e2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/57e46acb3b48ea4e8efb1e1bea2e89e0c6cc43e2"
},
{
"url": "https://git.kernel.org/stable/c/560e64413b4a6d9bd6630e350d5f2e6a05f6ffe3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/560e64413b4a6d9bd6630e350d5f2e6a05f6ffe3"
},
{
"url": "https://git.kernel.org/stable/c/8fa3a370cc2af858a9ba662ca4f2bd0917550563",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8fa3a370cc2af858a9ba662ca4f2bd0917550563"
},
{
"url": "https://git.kernel.org/stable/c/153d1ea3272209fc970116f09051002d14422cde",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/153d1ea3272209fc970116f09051002d14422cde"
},
{
"url": "https://git.kernel.org/stable/c/fe415186b43df0db1f17fa3a46275fd92107fe71",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe415186b43df0db1f17fa3a46275fd92107fe71"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

137
2021/47xxx/CVE-2021-47576.json
View File

@ -1,18 +1,147 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47576",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()\n\nIn resp_mode_select() sanity check the block descriptor len to avoid UAF.\n\nBUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509\nRead of size 1 at addr ffff888026670f50 by task scsicmd/15032\n\nCPU: 1 PID: 15032 Comm: scsicmd Not tainted 5.15.0-01d0625 #15\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nCall Trace:\n <TASK>\n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:107\n print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:257\n kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:443\n __asan_report_load1_noabort+0x14/0x20 mm/kasan/report_generic.c:306\n resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509\n schedule_resp+0x4af/0x1a10 drivers/scsi/scsi_debug.c:5483\n scsi_debug_queuecommand+0x8c9/0x1e70 drivers/scsi/scsi_debug.c:7537\n scsi_queue_rq+0x16b4/0x2d10 drivers/scsi/scsi_lib.c:1521\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1640\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1762\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1839\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:63\n sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:837\n sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:775\n sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:941\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1166\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:52\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:50\n entry_SYSCALL_64_after_hwframe+0x44/0xae arch/x86/entry/entry_64.S:113"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "adcecd50da6c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9"
},
{
"url": "https://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf"
},
{
"url": "https://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e"
},
{
"url": "https://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d"
},
{
"url": "https://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6"
},
{
"url": "https://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac"
},
{
"url": "https://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

82
2021/47xxx/CVE-2021-47577.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47577",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: check for wq exit after adding new worker task_work\n\nWe check IO_WQ_BIT_EXIT before attempting to create a new worker, and\nwq exit cancels pending work if we have any. But it's possible to have\na race between the two, where creation checks exit finding it not set,\nbut we're in the process of exiting. The exit side will cancel pending\ncreation task_work, but there's a gap where we add task_work after we've\ncanceled existing creations at exit time.\n\nFix this by checking the EXIT bit post adding the creation task_work.\nIf it's set, run the same cancelation that exit does."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "4b4e5bbf9386"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec"
},
{
"url": "https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2021/47xxx/CVE-2021-47578.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47578",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Don't call kcalloc() if size arg is zero\n\nIf the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of\nthat, for a following NULL pointer check to work on the returned pointer,\nkcalloc() must not be called with the size arg equal to zero. Return early\nwithout error before the kcalloc() call if size arg is zero.\n\nBUG: KASAN: null-ptr-deref in memcpy include/linux/fortify-string.h:191 [inline]\nBUG: KASAN: null-ptr-deref in sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974\nWrite of size 4 at addr 0000000000000010 by task syz-executor.1/22789\n\nCPU: 1 PID: 22789 Comm: syz-executor.1 Not tainted 5.15.0-syzk #1\nHardware name: Red Hat KVM, BIOS 1.13.0-2\nCall Trace:\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\n __kasan_report mm/kasan/report.c:446 [inline]\n kasan_report.cold.14+0x112/0x117 mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189\n memcpy+0x3b/0x60 mm/kasan/shadow.c:66\n memcpy include/linux/fortify-string.h:191 [inline]\n sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974\n do_dout_fetch drivers/scsi/scsi_debug.c:2954 [inline]\n do_dout_fetch drivers/scsi/scsi_debug.c:2946 [inline]\n resp_verify+0x49e/0x930 drivers/scsi/scsi_debug.c:4276\n schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478\n scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533\n scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline]\n scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62\n blk_execute_rq+0xdb/0x360 block/blk-exec.c:102\n sg_scsi_ioctl drivers/scsi/scsi_ioctl.c:621 [inline]\n scsi_ioctl+0x8bb/0x15c0 drivers/scsi/scsi_ioctl.c:930\n sg_ioctl_common+0x172d/0x2710 drivers/scsi/sg.c:1112\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1165\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "aa1f912712a1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/aa1f912712a109b6306746133de7e5343f016b26",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa1f912712a109b6306746133de7e5343f016b26"
},
{
"url": "https://git.kernel.org/stable/c/47d11d35203b0aa13533634e270fe2c3610e531b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/47d11d35203b0aa13533634e270fe2c3610e531b"
},
{
"url": "https://git.kernel.org/stable/c/3344b58b53a76199dae48faa396e9fc37bf86992",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3344b58b53a76199dae48faa396e9fc37bf86992"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

115
2021/47xxx/CVE-2021-47579.json
View File

@ -1,18 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix warning in ovl_create_real()\n\nSyzbot triggered the following warning in ovl_workdir_create() ->\novl_create_real():\n\n\tif (!err && WARN_ON(!newdentry->d_inode)) {\n\nThe reason is that the cgroup2 filesystem returns from mkdir without\ninstantiating the new dentry.\n\nWeird filesystems such as this will be rejected by overlayfs at a later\nstage during setup, but to prevent such a warning, call ovl_mkdir_real()\ndirectly from ovl_workdir_create() and reject this case early."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "445d2dc63e58"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8"
},
{
"url": "https://git.kernel.org/stable/c/f9f300a92297be8250547347fd52216ef0177ae0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f9f300a92297be8250547347fd52216ef0177ae0"
},
{
"url": "https://git.kernel.org/stable/c/6859985a2fbda5d1586bf44538853e1be69e85f7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6859985a2fbda5d1586bf44538853e1be69e85f7"
},
{
"url": "https://git.kernel.org/stable/c/d2ccdd4e4efab06178608a34d7bfb20a54104c02",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2ccdd4e4efab06178608a34d7bfb20a54104c02"
},
{
"url": "https://git.kernel.org/stable/c/1f5573cfe7a7056e80a92c7a037a3e69f3a13d1c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1f5573cfe7a7056e80a92c7a037a3e69f3a13d1c"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

93
2021/47xxx/CVE-2021-47580.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix type in min_t to avoid stack OOB\n\nChange min_t() to use type \"u32\" instead of type \"int\" to avoid stack out\nof bounds. With min_t() type \"int\" the values get sign extended and the\nlarger value gets used causing stack out of bounds.\n\nBUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:191 [inline]\nBUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976\nRead of size 127 at addr ffff888072607128 by task syz-executor.7/18707\n\nCPU: 1 PID: 18707 Comm: syz-executor.7 Not tainted 5.15.0-syzk #1\nHardware name: Red Hat KVM, BIOS 1.13.0-2\nCall Trace:\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\n print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:256\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189\n memcpy+0x23/0x60 mm/kasan/shadow.c:65\n memcpy include/linux/fortify-string.h:191 [inline]\n sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976\n sg_copy_from_buffer+0x33/0x40 lib/scatterlist.c:1000\n fill_from_dev_buffer.part.34+0x82/0x130 drivers/scsi/scsi_debug.c:1162\n fill_from_dev_buffer drivers/scsi/scsi_debug.c:1888 [inline]\n resp_readcap16+0x365/0x3b0 drivers/scsi/scsi_debug.c:1887\n schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478\n scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533\n scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline]\n scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62\n sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:836\n sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:774\n sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:939\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1165\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "bdb854f134b9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bdb854f134b964528fa543e0351022eb45bd7346",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bdb854f134b964528fa543e0351022eb45bd7346"
},
{
"url": "https://git.kernel.org/stable/c/3085147645938eb41f0bc0e25ef9791e71f5ee4b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3085147645938eb41f0bc0e25ef9791e71f5ee4b"
},
{
"url": "https://git.kernel.org/stable/c/36e07d7ede88a1f1ef8f0f209af5b7612324ac2c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/36e07d7ede88a1f1ef8f0f209af5b7612324ac2c"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2021/47xxx/CVE-2021-47581.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47581",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netback: don't queue unlimited number of packages\n\nIn case a guest isn't consuming incoming network traffic as fast as it\nis coming in, xen-netback is buffering network packages in unlimited\nnumbers today. This can result in host OOM situations.\n\nCommit f48da8b14d04ca8 (\"xen-netback: fix unlimited guest Rx internal\nqueue and carrier flapping\") meant to introduce a mechanism to limit\nthe amount of buffered data by stopping the Tx queue when reaching the\ndata limit, but this doesn't work for cases like UDP.\n\nWhen hitting the limit don't queue further SKBs, but drop them instead.\nIn order to be able to tell Rx packages have been dropped increment the\nrx_dropped statistics counter in this case.\n\nIt should be noted that the old solution to continue queueing SKBs had\nthe additional problem of an overflow of the 32-bit rx_queue_len value\nwould result in intermittent Tx queue enabling.\n\nThis is part of XSA-392"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f48da8b14d04",
"version_value": "0928efb09178"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.18",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0928efb09178e01d3dc8e8849aa1c807436c3c37",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0928efb09178e01d3dc8e8849aa1c807436c3c37"
},
{
"url": "https://git.kernel.org/stable/c/b4226b387436315e7f57465c15335f4f4b5b075d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b4226b387436315e7f57465c15335f4f4b5b075d"
},
{
"url": "https://git.kernel.org/stable/c/9bebb2eedf679b3be4acaa20efda97f32c999d74",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9bebb2eedf679b3be4acaa20efda97f32c999d74"
},
{
"url": "https://git.kernel.org/stable/c/c9f17e92917fd5786be872626a3928979ecc4c39",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c9f17e92917fd5786be872626a3928979ecc4c39"
},
{
"url": "https://git.kernel.org/stable/c/0d99b3c6bd39a0a023e972d8f912fd47698bbbb8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d99b3c6bd39a0a023e972d8f912fd47698bbbb8"
},
{
"url": "https://git.kernel.org/stable/c/88f20cccbeec9a5e83621df5cc2453b5081454dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/88f20cccbeec9a5e83621df5cc2453b5081454dc"
},
{
"url": "https://git.kernel.org/stable/c/bd926d189210cd1d5b4e618e45898053be6b4b3b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd926d189210cd1d5b4e618e45898053be6b4b3b"
},
{
"url": "https://git.kernel.org/stable/c/be81992f9086b230623ae3ebbc85ecee4d00a3d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/be81992f9086b230623ae3ebbc85ecee4d00a3d3"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

82
2021/47xxx/CVE-2021-47582.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47582",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Make do_proc_control() and do_proc_bulk() killable\n\nThe USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke\nusb_start_wait_urb(), which contains an uninterruptible wait with a\nuser-specified timeout value. If timeout value is very large and the\ndevice being accessed does not respond in a reasonable amount of time,\nthe kernel will complain about \"Task X blocked for more than N\nseconds\", as found in testing by syzbot:\n\nINFO: task syz-executor.0:8700 blocked for more than 143 seconds.\n Not tainted 5.14.0-rc7-syzkaller #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor.0 state:D stack:23192 pid: 8700 ppid: 8455 flags:0x00004004\nCall Trace:\n context_switch kernel/sched/core.c:4681 [inline]\n __schedule+0xc07/0x11f0 kernel/sched/core.c:5938\n schedule+0x14b/0x210 kernel/sched/core.c:6017\n schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857\n do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85\n __wait_for_common kernel/sched/completion.c:106 [inline]\n wait_for_common kernel/sched/completion.c:117 [inline]\n wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157\n usb_start_wait_urb+0x167/0x550 drivers/usb/core/message.c:63\n do_proc_bulk+0x978/0x1080 drivers/usb/core/devio.c:1236\n proc_bulk drivers/usb/core/devio.c:1273 [inline]\n usbdev_do_ioctl drivers/usb/core/devio.c:2547 [inline]\n usbdev_ioctl+0x3441/0x6b10 drivers/usb/core/devio.c:2713\n...\n\nTo fix this problem, this patch replaces usbfs's calls to\nusb_control_msg() and usb_bulk_msg() with special-purpose code that\ndoes essentially the same thing (as recommended in the comment for\nusb_start_wait_urb()), except that it always uses a killable wait and\nit uses GFP_KERNEL rather than GFP_NOIO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "403716741c6c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/403716741c6c2c510dce44e88f085a740f535de6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/403716741c6c2c510dce44e88f085a740f535de6"
},
{
"url": "https://git.kernel.org/stable/c/ae8709b296d80c7f45aa1f35c0e7659ad69edce1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ae8709b296d80c7f45aa1f35c0e7659ad69edce1"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2021/47xxx/CVE-2021-47583.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mxl111sf: change mutex_init() location\n\nSyzbot reported, that mxl111sf_ctrl_msg() uses uninitialized\nmutex. The problem was in wrong mutex_init() location.\n\nPrevious mutex_init(&state->msg_lock) call was in ->init() function, but\ndvb_usbv2_init() has this order of calls:\n\n\tdvb_usbv2_init()\n\t dvb_usbv2_adapter_init()\n\t dvb_usbv2_adapter_frontend_init()\n\t props->frontend_attach()\n\n\t props->init()\n\nSince mxl111sf_* devices call mxl111sf_ctrl_msg() in ->frontend_attach()\ninternally we need to initialize state->msg_lock before\nfrontend_attach(). To achieve it, ->probe() call added to all mxl111sf_*\ndevices, which will simply initiaize mutex."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8572211842af",
"version_value": "4b2d9600b31f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4b2d9600b31f9ba7adbc9f3c54a068615d27b390",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b2d9600b31f9ba7adbc9f3c54a068615d27b390"
},
{
"url": "https://git.kernel.org/stable/c/96f182c9f48b984447741f054ec301fdc8517035",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/96f182c9f48b984447741f054ec301fdc8517035"
},
{
"url": "https://git.kernel.org/stable/c/b99bdf127af91d53919e96292c05f737c45ea59a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b99bdf127af91d53919e96292c05f737c45ea59a"
},
{
"url": "https://git.kernel.org/stable/c/8c6fdf62bfe1bc72bfceeaf832ef7499c7ed09ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8c6fdf62bfe1bc72bfceeaf832ef7499c7ed09ba"
},
{
"url": "https://git.kernel.org/stable/c/44870a9e7a3c24acbb3f888b2a7cc22c9bdf7e7f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/44870a9e7a3c24acbb3f888b2a7cc22c9bdf7e7f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2021/47xxx/CVE-2021-47584.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niocost: Fix divide-by-zero on donation from low hweight cgroup\n\nThe donation calculation logic assumes that the donor has non-zero\nafter-donation hweight, so the lowest active hweight a donating cgroup can\nhave is 2 so that it can donate 1 while keeping the other 1 for itself.\nEarlier, we only donated from cgroups with sizable surpluses so this\ncondition was always true. However, with the precise donation algorithm\nimplemented, f1de2439ec43 (\"blk-iocost: revamp donation amount\ndetermination\") made the donation amount calculation exact enabling even low\nhweight cgroups to donate.\n\nThis means that in rare occasions, a cgroup with active hweight of 1 can\nenter donation calculation triggering the following warning and then a\ndivide-by-zero oops.\n\n WARNING: CPU: 4 PID: 0 at block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867]\n ...\n RIP: 0010:transfer_surpluses.cold+0x0/0x53\n Code: 92 ff 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff <0f> 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0\n4\n ...\n Call Trace:\n <IRQ>\n ioc_timer_fn+0x1043/0x1390\n call_timer_fn+0xa1/0x2c0\n __run_timers.part.0+0x1ec/0x2e0\n run_timer_softirq+0x35/0x70\n ...\n iocg: invalid donation weights in /a/b: active=1 donating=1 after=0\n\nFix it by excluding cgroups w/ active hweight < 2 from donating. Excluding\nthese extreme low hweight donations shouldn't affect work conservation in\nany meaningful way."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f1de2439ec43",
"version_value": "a7c80674538f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a7c80674538f15f85d68138240aae440b8039519"
},
{
"url": "https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a1a4eb574178c21241a6200f4785572e661c472"
},
{
"url": "https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/edaa26334c117a584add6053f48d63a988d25a6e"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2021/47xxx/CVE-2021-47585.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory leak in __add_inode_ref()\n\nLine 1169 (#3) allocates a memory chunk for victim_name by kmalloc(),\nbut when the function returns in line 1184 (#4) victim_name allocated\nby line 1169 (#3) is not freed, which will lead to a memory leak.\nThere is a similar snippet of code in this function as allocating a memory\nchunk for victim_name in line 1104 (#1) as well as releasing the memory\nin line 1116 (#2).\n\nWe should kfree() victim_name when the return value of backref_in_log()\nis less than zero and before the function returns in line 1184 (#4).\n\n1057 static inline int __add_inode_ref(struct btrfs_trans_handle *trans,\n1058 \t\t\t\t struct btrfs_root *root,\n1059 \t\t\t\t struct btrfs_path *path,\n1060 \t\t\t\t struct btrfs_root *log_root,\n1061 \t\t\t\t struct btrfs_inode *dir,\n1062 \t\t\t\t struct btrfs_inode *inode,\n1063 \t\t\t\t u64 inode_objectid, u64 parent_objectid,\n1064 \t\t\t\t u64 ref_index, char *name, int namelen,\n1065 \t\t\t\t int *search_done)\n1066 {\n\n1104 \tvictim_name = kmalloc(victim_name_len, GFP_NOFS);\n\t// #1: kmalloc (victim_name-1)\n1105 \tif (!victim_name)\n1106 \t\treturn -ENOMEM;\n\n1112\tret = backref_in_log(log_root, &search_key,\n1113\t\t\tparent_objectid, victim_name,\n1114\t\t\tvictim_name_len);\n1115\tif (ret < 0) {\n1116\t\tkfree(victim_name); // #2: kfree (victim_name-1)\n1117\t\treturn ret;\n1118\t} else if (!ret) {\n\n1169 \tvictim_name = kmalloc(victim_name_len, GFP_NOFS);\n\t// #3: kmalloc (victim_name-2)\n1170 \tif (!victim_name)\n1171 \t\treturn -ENOMEM;\n\n1180 \tret = backref_in_log(log_root, &search_key,\n1181 \t\t\tparent_objectid, victim_name,\n1182 \t\t\tvictim_name_len);\n1183 \tif (ret < 0) {\n1184 \t\treturn ret; // #4: missing kfree (victim_name-2)\n1185 \t} else if (!ret) {\n\n1241 \treturn 0;\n1242 }"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d3316c8233bb",
"version_value": "005d9292b5b2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.5",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/005d9292b5b2e71a009f911bd85d755009b37242",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/005d9292b5b2e71a009f911bd85d755009b37242"
},
{
"url": "https://git.kernel.org/stable/c/493ff661d434d6bdf02e3a21adae04d7a0b4265d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/493ff661d434d6bdf02e3a21adae04d7a0b4265d"
},
{
"url": "https://git.kernel.org/stable/c/f35838a6930296fc1988764cfa54cb3f705c0665",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f35838a6930296fc1988764cfa54cb3f705c0665"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47586.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: dwmac-rk: fix oob read in rk_gmac_setup\n\nKASAN reports an out-of-bounds read in rk_gmac_setup on the line:\n\n\twhile (ops->regs[i]) {\n\nThis happens for most platforms since the regs flexible array member is\nempty, so the memory after the ops structure is being read here. It\nseems that mostly this happens to contain zero anyway, so we get lucky\nand everything still works.\n\nTo avoid adding redundant data to nearly all the ops structures, add a\nnew flag to indicate whether the regs field is valid and avoid this loop\nwhen it is not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3bb3d6b1c195",
"version_value": "0b4a5d1e15ce"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0b4a5d1e15ce72f69be48f38dc0401dab890ae0f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b4a5d1e15ce72f69be48f38dc0401dab890ae0f"
},
{
"url": "https://git.kernel.org/stable/c/0546b224cc7717cc8a2db076b0bb069a9c430794",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0546b224cc7717cc8a2db076b0bb069a9c430794"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2021/47xxx/CVE-2021-47587.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47587",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: Add global locking for descriptor lifecycle\n\nThe descriptor list is a shared resource across all of the transmit queues, and\nthe locking mechanism used today only protects concurrency across a given\ntransmit queue between the transmit and reclaiming. This creates an opportunity\nfor the SYSTEMPORT hardware to work on corrupted descriptors if we have\nmultiple producers at once which is the case when using multiple transmit\nqueues.\n\nThis was particularly noticeable when using multiple flows/transmit queues and\nit showed up in interesting ways in that UDP packets would get a correct UDP\nheader checksum being calculated over an incorrect packet length. Similarly TCP\npackets would get an equally correct checksum computed by the hardware over an\nincorrect packet length.\n\nThe SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges\nwhen the driver produces a new descriptor anytime it writes to the\nWRITE_PORT_{HI,LO} registers, there is however some delay in the hardware to\nre-organize its descriptors and it is possible that concurrent TX queues\neventually break this internal allocation scheme to the point where the\nlength/status part of the descriptor gets used for an incorrect data buffer.\n\nThe fix is to impose a global serialization for all TX queues in the short\nsection where we are writing to the WRITE_PORT_{HI,LO} registers which solves\nthe corruption even with multiple concurrent TX queues being used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "80105befdb4b",
"version_value": "8ed2f5d08d6e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.16",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8ed2f5d08d6e59f8c78b2869bfb95d0be32c094c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ed2f5d08d6e59f8c78b2869bfb95d0be32c094c"
},
{
"url": "https://git.kernel.org/stable/c/de57f62f76450b934de8203711bdc4f7953c3421",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de57f62f76450b934de8203711bdc4f7953c3421"
},
{
"url": "https://git.kernel.org/stable/c/f3fde37d3f0d429f0fcce214cb52588a9e21260e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f3fde37d3f0d429f0fcce214cb52588a9e21260e"
},
{
"url": "https://git.kernel.org/stable/c/595a684fa6f23b21958379a18cfa83862c73c2e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/595a684fa6f23b21958379a18cfa83862c73c2e1"
},
{
"url": "https://git.kernel.org/stable/c/c675256a7f131f5ba3f331efb715e8f31ea0e392",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c675256a7f131f5ba3f331efb715e8f31ea0e392"
},
{
"url": "https://git.kernel.org/stable/c/6e1011cd183faae8daff275c72444edcdfe0d473",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6e1011cd183faae8daff275c72444edcdfe0d473"
},
{
"url": "https://git.kernel.org/stable/c/eb4687c7442942e115420a30185f8d83faf37696",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eb4687c7442942e115420a30185f8d83faf37696"
},
{
"url": "https://git.kernel.org/stable/c/8b8e6e782456f1ce02a7ae914bbd5b1053f0b034",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8b8e6e782456f1ce02a7ae914bbd5b1053f0b034"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

136
2021/47xxx/CVE-2021-47588.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsit: do not call ipip6_dev_free() from sit_init_net()\n\nipip6_dev_free is sit dev->priv_destructor, already called\nby register_netdevice() if something goes wrong.\n\nAlternative would be to make ipip6_dev_free() robust against\nmultiple invocations, but other drivers do not implement this\nstrategy.\n\nsyzbot reported:\n\ndst_release underflow\nWARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173\nModules linked in:\nCPU: 1 PID: 5059 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:dst_release+0xd8/0xe0 net/core/dst.c:173\nCode: 4c 89 f2 89 d9 31 c0 5b 41 5e 5d e9 da d5 44 f9 e8 1d 90 5f f9 c6 05 87 48 c6 05 01 48 c7 c7 80 44 99 8b 31 c0 e8 e8 67 29 f9 <0f> 0b eb 85 0f 1f 40 00 53 48 89 fb e8 f7 8f 5f f9 48 83 c3 a8 48\nRSP: 0018:ffffc9000aa5faa0 EFLAGS: 00010246\nRAX: d6894a925dd15a00 RBX: 00000000ffffffff RCX: 0000000000040000\nRDX: ffffc90005e19000 RSI: 000000000003ffff RDI: 0000000000040000\nRBP: 0000000000000000 R08: ffffffff816a1f42 R09: ffffed1017344f2c\nR10: ffffed1017344f2c R11: 0000000000000000 R12: 0000607f462b1358\nR13: 1ffffffff1bfd305 R14: ffffe8ffffcb1358 R15: dffffc0000000000\nFS: 00007f66c71a2700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f88aaed5058 CR3: 0000000023e0f000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n dst_cache_destroy+0x107/0x1e0 net/core/dst_cache.c:160\n ipip6_dev_free net/ipv6/sit.c:1414 [inline]\n sit_init_net+0x229/0x550 net/ipv6/sit.c:1936\n ops_init+0x313/0x430 net/core/net_namespace.c:140\n setup_net+0x35b/0x9d0 net/core/net_namespace.c:326\n copy_net_ns+0x359/0x5c0 net/core/net_namespace.c:470\n create_new_namespaces+0x4ce/0xa00 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0x11e/0x180 kernel/nsproxy.c:226\n ksys_unshare+0x57d/0xb50 kernel/fork.c:3075\n __do_sys_unshare kernel/fork.c:3146 [inline]\n __se_sys_unshare kernel/fork.c:3144 [inline]\n __x64_sys_unshare+0x34/0x40 kernel/fork.c:3144\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f66c882ce99\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f66c71a2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00007f66c893ff60 RCX: 00007f66c882ce99\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048040200\nRBP: 00007f66c8886ff1 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fff6634832f R14: 00007f66c71a2300 R15: 0000000000022000\n </TASK>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cf124db566e6",
"version_value": "4e1797914d8f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4e1797914d8f223726ff6ae5ece4f97d73f21bab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e1797914d8f223726ff6ae5ece4f97d73f21bab"
},
{
"url": "https://git.kernel.org/stable/c/e56b65c1e74d7f706d74b51baba15187be2fb4b5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e56b65c1e74d7f706d74b51baba15187be2fb4b5"
},
{
"url": "https://git.kernel.org/stable/c/ad0ed314d6167b212939e3839428ba0c8bb16adb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad0ed314d6167b212939e3839428ba0c8bb16adb"
},
{
"url": "https://git.kernel.org/stable/c/6f46c59e60b64620d5d386c8ee2eaa11ebe3b595",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6f46c59e60b64620d5d386c8ee2eaa11ebe3b595"
},
{
"url": "https://git.kernel.org/stable/c/44a6c846bc3a7efe7d394bab8b2ae3b7f580e190",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/44a6c846bc3a7efe7d394bab8b2ae3b7f580e190"
},
{
"url": "https://git.kernel.org/stable/c/e28587cc491ef0f3c51258fdc87fbc386b1d4c59",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e28587cc491ef0f3c51258fdc87fbc386b1d4c59"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2021/47xxx/CVE-2021-47589.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigbvf: fix double free in `igbvf_probe`\n\nIn `igbvf_probe`, if register_netdev() fails, the program will go to\nlabel err_hw_init, and then to label err_ioremap. In free_netdev() which\nis just below label err_ioremap, there is `list_for_each_entry_safe` and\n`netif_napi_del` which aims to delete all entries in `dev->napi_list`.\nThe program has added an entry `adapter->rx_ring->napi` which is added by\n`netif_napi_add` in igbvf_alloc_queues(). However, adapter->rx_ring has\nbeen freed below label err_hw_init. So this a UAF.\n\nIn terms of how to patch the problem, we can refer to igbvf_remove() and\ndelete the entry before `adapter->rx_ring`.\n\nThe KASAN logs are as follows:\n\n[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450\n[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366\n[ 35.128360]\n[ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14\n[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[ 35.131749] Call Trace:\n[ 35.132199] dump_stack_lvl+0x59/0x7b\n[ 35.132865] print_address_description+0x7c/0x3b0\n[ 35.133707] ? free_netdev+0x1fd/0x450\n[ 35.134378] __kasan_report+0x160/0x1c0\n[ 35.135063] ? free_netdev+0x1fd/0x450\n[ 35.135738] kasan_report+0x4b/0x70\n[ 35.136367] free_netdev+0x1fd/0x450\n[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf]\n[ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf]\n[ 35.138751] local_pci_probe+0x13c/0x1f0\n[ 35.139461] pci_device_probe+0x37e/0x6c0\n[ 35.165526]\n[ 35.165806] Allocated by task 366:\n[ 35.166414] ____kasan_kmalloc+0xc4/0xf0\n[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf]\n[ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf]\n[ 35.168866] local_pci_probe+0x13c/0x1f0\n[ 35.169565] pci_device_probe+0x37e/0x6c0\n[ 35.179713]\n[ 35.179993] Freed by task 366:\n[ 35.180539] kasan_set_track+0x4c/0x80\n[ 35.181211] kasan_set_free_info+0x1f/0x40\n[ 35.181942] ____kasan_slab_free+0x103/0x140\n[ 35.182703] kfree+0xe3/0x250\n[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf]\n[ 35.184040] local_pci_probe+0x13c/0x1f0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d4e0fe01a38a",
"version_value": "ffe1695b6787"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.30",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.30",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb"
},
{
"url": "https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49"
},
{
"url": "https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc"
},
{
"url": "https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac"
},
{
"url": "https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a"
},
{
"url": "https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411"
},
{
"url": "https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54"
},
{
"url": "https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47590.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix deadlock in __mptcp_push_pending()\n\n__mptcp_push_pending() may call mptcp_flush_join_list() with subflow\nsocket lock held. If such call hits mptcp_sockopt_sync_all() then\nsubsequently __mptcp_sockopt_sync() could try to lock the subflow\nsocket for itself, causing a deadlock.\n\nsysrq: Show Blocked State\ntask:ss-server state:D stack: 0 pid: 938 ppid: 1 flags:0x00000000\nCall Trace:\n <TASK>\n __schedule+0x2d6/0x10c0\n ? __mod_memcg_state+0x4d/0x70\n ? csum_partial+0xd/0x20\n ? _raw_spin_lock_irqsave+0x26/0x50\n schedule+0x4e/0xc0\n __lock_sock+0x69/0x90\n ? do_wait_intr_irq+0xa0/0xa0\n __lock_sock_fast+0x35/0x50\n mptcp_sockopt_sync_all+0x38/0xc0\n __mptcp_push_pending+0x105/0x200\n mptcp_sendmsg+0x466/0x490\n sock_sendmsg+0x57/0x60\n __sys_sendto+0xf0/0x160\n ? do_wait_intr_irq+0xa0/0xa0\n ? fpregs_restore_userregs+0x12/0xd0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f9ba546c2d0\nRSP: 002b:00007ffdc3b762d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f9ba56c8060 RCX: 00007f9ba546c2d0\nRDX: 000000000000077a RSI: 0000000000e5e180 RDI: 0000000000000234\nRBP: 0000000000cc57f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba56c8060\nR13: 0000000000b6ba60 R14: 0000000000cc7840 R15: 41d8685b1d7901b8\n </TASK>\n\nFix the issue by using __mptcp_flush_join_list() instead of plain\nmptcp_flush_join_list() inside __mptcp_push_pending(), as suggested by\nFlorian. The sockopt sync will be deferred to the workqueue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1b3e7ede1365",
"version_value": "23311b92755f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/23311b92755ffa9087332d1bb8c71c0f6a10cc08",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/23311b92755ffa9087332d1bb8c71c0f6a10cc08"
},
{
"url": "https://git.kernel.org/stable/c/3d79e3756ca90f7a6087b77b62c1d9c0801e0820",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3d79e3756ca90f7a6087b77b62c1d9c0801e0820"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47591.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: remove tcp ulp setsockopt support\n\nTCP_ULP setsockopt cannot be used for mptcp because its already\nused internally to plumb subflow (tcp) sockets to the mptcp layer.\n\nsyzbot managed to trigger a crash for mptcp connections that are\nin fallback mode:\n\nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]\nCPU: 1 PID: 1083 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0\nRIP: 0010:tls_build_proto net/tls/tls_main.c:776 [inline]\n[..]\n __tcp_set_ulp net/ipv4/tcp_ulp.c:139 [inline]\n tcp_set_ulp+0x428/0x4c0 net/ipv4/tcp_ulp.c:160\n do_tcp_setsockopt+0x455/0x37c0 net/ipv4/tcp.c:3391\n mptcp_setsockopt+0x1b47/0x2400 net/mptcp/sockopt.c:638\n\nRemove support for TCP_ULP setsockopt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d9e4c1291810",
"version_value": "3de0c86d42f8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3de0c86d42f841d1d64f316cd949e65c566f0734",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3de0c86d42f841d1d64f316cd949e65c566f0734"
},
{
"url": "https://git.kernel.org/stable/c/404cd9a22150f24acf23a8df2ad0c094ba379f57",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/404cd9a22150f24acf23a8df2ad0c094ba379f57"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47592.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix tc flower deletion for VLAN priority Rx steering\n\nTo replicate the issue:-\n\n1) Add 1 flower filter for VLAN Priority based frame steering:-\n$ IFDEVNAME=eth0\n$ tc qdisc add dev $IFDEVNAME ingress\n$ tc qdisc add dev $IFDEVNAME root mqprio num_tc 8 \\\n map 0 1 2 3 4 5 6 7 0 0 0 0 0 0 0 0 \\\n queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 hw 0\n$ tc filter add dev $IFDEVNAME parent ffff: protocol 802.1Q \\\n flower vlan_prio 0 hw_tc 0\n\n2) Get the 'pref' id\n$ tc filter show dev $IFDEVNAME ingress\n\n3) Delete a specific tc flower record (say pref 49151)\n$ tc filter del dev $IFDEVNAME parent ffff: pref 49151\n\nFrom dmesg, we will observe kernel NULL pointer ooops\n\n[ 197.170464] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 197.171367] #PF: supervisor read access in kernel mode\n[ 197.171367] #PF: error_code(0x0000) - not-present page\n[ 197.171367] PGD 0 P4D 0\n[ 197.171367] Oops: 0000 [#1] PREEMPT SMP NOPTI\n\n<snip>\n\n[ 197.171367] RIP: 0010:tc_setup_cls+0x20b/0x4a0 [stmmac]\n\n<snip>\n\n[ 197.171367] Call Trace:\n[ 197.171367] <TASK>\n[ 197.171367] ? __stmmac_disable_all_queues+0xa8/0xe0 [stmmac]\n[ 197.171367] stmmac_setup_tc_block_cb+0x70/0x110 [stmmac]\n[ 197.171367] tc_setup_cb_destroy+0xb3/0x180\n[ 197.171367] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n\nThe above issue is due to previous incorrect implementation of\ntc_del_vlan_flow(), shown below, that uses flow_cls_offload_flow_rule()\nto get struct flow_rule *rule which is no longer valid for tc filter\ndelete operation.\n\n struct flow_rule *rule = flow_cls_offload_flow_rule(cls);\n struct flow_dissector *dissector = rule->match.dissector;\n\nSo, to ensure tc_del_vlan_flow() deletes the right VLAN cls record for\nearlier configured RX queue (configured by hw_tc) in tc_add_vlan_flow(),\nthis patch introduces stmmac_rfs_entry as driver-side flow_cls_offload\nrecord for 'RX frame steering' tc flower, currently used for VLAN\npriority. The implementation has taken consideration for future extension\nto include other type RX frame steering such as EtherType based.\n\nv2:\n - Clean up overly extensive backtrace and rewrite git message to better\n explain the kernel NULL pointer issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0e039f5cf86c",
"version_value": "97cb5c82aa1d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/97cb5c82aa1dd85a39b1bd021c8b5f18af623779",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/97cb5c82aa1dd85a39b1bd021c8b5f18af623779"
},
{
"url": "https://git.kernel.org/stable/c/aeb7c75cb77478fdbf821628e9c95c4baa9adc63",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aeb7c75cb77478fdbf821628e9c95c4baa9adc63"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2021/47xxx/CVE-2021-47593.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: clear 'kern' flag from fallback sockets\n\nThe mptcp ULP extension relies on sk->sk_sock_kern being set correctly:\nIt prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, \"mptcp\", 6); from\nworking for plain tcp sockets (any userspace-exposed socket).\n\nBut in case of fallback, accept() can return a plain tcp sk.\nIn such case, sk is still tagged as 'kernel' and setsockopt will work.\n\nThis will crash the kernel, The subflow extension has a NULL ctx->conn\nmptcp socket:\n\nBUG: KASAN: null-ptr-deref in subflow_data_ready+0x181/0x2b0\nCall Trace:\n tcp_data_ready+0xf8/0x370\n [..]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cf7da0d66cc1",
"version_value": "451f1eded7f5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97"
},
{
"url": "https://git.kernel.org/stable/c/c26ac0ea3a91c210cf90452e625dc441adf3e549",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c26ac0ea3a91c210cf90452e625dc441adf3e549"
},
{
"url": "https://git.kernel.org/stable/c/d6692b3b97bdc165d150f4c1505751a323a80717",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d6692b3b97bdc165d150f4c1505751a323a80717"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47594.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47594",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: never allow the PM to close a listener subflow\n\nCurrently, when deleting an endpoint the netlink PM treverses\nall the local MPTCP sockets, regardless of their status.\n\nIf an MPTCP listener socket is bound to the IP matching the\ndelete endpoint, the listener TCP socket will be closed.\nThat is unexpected, the PM should only affect data subflows.\n\nAdditionally, syzbot was able to trigger a NULL ptr dereference\ndue to the above:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nCPU: 1 PID: 6550 Comm: syz-executor122 Not tainted 5.16.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:__lock_acquire+0xd7d/0x54a0 kernel/locking/lockdep.c:4897\nCode: 0f 0e 41 be 01 00 00 00 0f 86 c8 00 00 00 89 05 69 cc 0f 0e e9 bd 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 f3 2f 00 00 48 81 3b 20 75 17 8f 0f 84 52 f3 ff\nRSP: 0018:ffffc90001f2f818 EFLAGS: 00010016\nRAX: dffffc0000000000 RBX: 0000000000000018 RCX: 0000000000000000\nRDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001\nR10: 0000000000000000 R11: 000000000000000a R12: 0000000000000000\nR13: ffff88801b98d700 R14: 0000000000000000 R15: 0000000000000001\nFS: 00007f177cd3d700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f177cd1b268 CR3: 000000001dd55000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n lock_acquire kernel/locking/lockdep.c:5637 [inline]\n lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162\n finish_wait+0xc0/0x270 kernel/sched/wait.c:400\n inet_csk_wait_for_connect net/ipv4/inet_connection_sock.c:464 [inline]\n inet_csk_accept+0x7de/0x9d0 net/ipv4/inet_connection_sock.c:497\n mptcp_accept+0xe5/0x500 net/mptcp/protocol.c:2865\n inet_accept+0xe4/0x7b0 net/ipv4/af_inet.c:739\n mptcp_stream_accept+0x2e7/0x10e0 net/mptcp/protocol.c:3345\n do_accept+0x382/0x510 net/socket.c:1773\n __sys_accept4_file+0x7e/0xe0 net/socket.c:1816\n __sys_accept4+0xb0/0x100 net/socket.c:1846\n __do_sys_accept net/socket.c:1864 [inline]\n __se_sys_accept net/socket.c:1861 [inline]\n __x64_sys_accept+0x71/0xb0 net/socket.c:1861\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f177cd8b8e9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f177cd3d308 EFLAGS: 00000246 ORIG_RAX: 000000000000002b\nRAX: ffffffffffffffda RBX: 00007f177ce13408 RCX: 00007f177cd8b8e9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007f177ce13400 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f177ce1340c\nR13: 00007f177cde1004 R14: 6d705f706374706d R15: 0000000000022000\n </TASK>\n\nFix the issue explicitly skipping MPTCP socket in TCP_LISTEN\nstatus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "740d798e8767",
"version_value": "1456a0004cc5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1456a0004cc54c58adb2501cb0c95dc8b3c83e9e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1456a0004cc54c58adb2501cb0c95dc8b3c83e9e"
},
{
"url": "https://git.kernel.org/stable/c/b0cdc5dbcf2ba0d99785da5aabf1b17943805b8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b0cdc5dbcf2ba0d99785da5aabf1b17943805b8a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

87
2021/47xxx/CVE-2021-47595.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_ets: don't remove idle classes from the round-robin list\n\nShuang reported that the following script:\n\n 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7\n 2) mausezahn ddd0 -A 10.10.10.1 -B 10.10.10.2 -c 0 -a own -b 00:c1:a0:c1:a0:00 -t udp &\n 3) tc qdisc change dev ddd0 handle 10: ets bands 4 strict 2 quanta 2500 2500 priomap 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3\n\ncrashes systematically when line 2) is commented:\n\n list_del corruption, ffff8e028404bd30->next is LIST_POISON1 (dead000000000100)\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:47!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 954 Comm: tc Not tainted 5.16.0-rc4+ #478\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n RIP: 0010:__list_del_entry_valid.cold.1+0x12/0x47\n Code: fe ff 0f 0b 48 89 c1 4c 89 c6 48 c7 c7 08 42 1b 87 e8 1d c5 fe ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 98 42 1b 87 e8 09 c5 fe ff <0f> 0b 48 c7 c7 48 43 1b 87 e8 fb c4 fe ff 0f 0b 48 89 f2 48 89 fe\n RSP: 0018:ffffae46807a3888 EFLAGS: 00010246\n RAX: 000000000000004e RBX: 0000000000000007 RCX: 0000000000000202\n RDX: 0000000000000000 RSI: ffffffff871ac536 RDI: 00000000ffffffff\n RBP: ffffae46807a3a10 R08: 0000000000000000 R09: c0000000ffff7fff\n R10: 0000000000000001 R11: ffffae46807a36a8 R12: ffff8e028404b800\n R13: ffff8e028404bd30 R14: dead000000000100 R15: ffff8e02fafa2400\n FS: 00007efdc92e4480(0000) GS:ffff8e02fb600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000682f48 CR3: 00000001058be000 CR4: 0000000000350ef0\n Call Trace:\n <TASK>\n ets_qdisc_change+0x58b/0xa70 [sch_ets]\n tc_modify_qdisc+0x323/0x880\n rtnetlink_rcv_msg+0x169/0x4a0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x1a5/0x280\n netlink_sendmsg+0x257/0x4d0\n sock_sendmsg+0x5b/0x60\n ____sys_sendmsg+0x1f2/0x260\n ___sys_sendmsg+0x7c/0xc0\n __sys_sendmsg+0x57/0xa0\n do_syscall_64+0x3a/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7efdc8031338\n Code: 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 25 43 2c 00 8b 00 85 c0 75 17 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 41 89 d4 55\n RSP: 002b:00007ffdf1ce9828 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000061b37a97 RCX: 00007efdc8031338\n RDX: 0000000000000000 RSI: 00007ffdf1ce9890 RDI: 0000000000000003\n RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000078a940\n R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000001\n R13: 0000000000688880 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n Modules linked in: sch_ets sch_tbf dummy rfkill iTCO_wdt iTCO_vendor_support intel_rapl_msr intel_rapl_common joydev pcspkr i2c_i801 virtio_balloon i2c_smbus lpc_ich ip_tables xfs libcrc32c crct10dif_pclmul crc32_pclmul crc32c_intel serio_raw ghash_clmulni_intel ahci libahci libata virtio_blk virtio_console virtio_net net_failover failover sunrpc dm_mirror dm_region_hash dm_log dm_mod [last unloaded: sch_ets]\n ---[ end trace f35878d1912655c2 ]---\n RIP: 0010:__list_del_entry_valid.cold.1+0x12/0x47\n Code: fe ff 0f 0b 48 89 c1 4c 89 c6 48 c7 c7 08 42 1b 87 e8 1d c5 fe ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 98 42 1b 87 e8 09 c5 fe ff <0f> 0b 48 c7 c7 48 43 1b 87 e8 fb c4 fe ff 0f 0b 48 89 f2 48 89 fe\n RSP: 0018:ffffae46807a3888 EFLAGS: 00010246\n RAX: 000000000000004e RBX: 0000000000000007 RCX: 0000000000000202\n RDX: 0000000000000000 RSI: ffffffff871ac536 RDI: 00000000ffffffff\n RBP: ffffae46807a3a10 R08: 0000000000000000 R09: c0000000ffff7fff\n R10: 0000000000000001 R11: ffffae46807a36a8 R12: ffff8e028404b800\n R13: ffff8e028404bd30 R14: dead000000000100 R15: ffff8e02fafa2400\n FS: 00007efdc92e4480(0000) GS:ffff8e02fb600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ae2659d2c670",
"version_value": "81fbdd45652d"
},
{
"version_affected": "<",
"version_name": "e25bdbc7e951",
"version_value": "491c1253441e"
},
{
"version_affected": "<",
"version_name": "de6d25924c2a",
"version_value": "c062f2a0b04d"
},
{
"version_affected": "<",
"version_name": "5.10.83",
"version_value": "5.10.88"
},
{
"version_affected": "<",
"version_name": "5.15.6",
"version_value": "5.15.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/81fbdd45652d8605a029e78ef14a6aaa529c4e72",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/81fbdd45652d8605a029e78ef14a6aaa529c4e72"
},
{
"url": "https://git.kernel.org/stable/c/491c1253441e2fdc8f6a6f4976e3f13440419b7a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/491c1253441e2fdc8f6a6f4976e3f13440419b7a"
},
{
"url": "https://git.kernel.org/stable/c/c062f2a0b04d86c5b8c9d973bea43493eaca3d32",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c062f2a0b04d86c5b8c9d973bea43493eaca3d32"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2021/47xxx/CVE-2021-47596.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix use-after-free bug in hclgevf_send_mbx_msg\n\nCurrently, the hns3_remove function firstly uninstall client instance,\nand then uninstall acceletion engine device. The netdevice is freed in\nclient instance uninstall process, but acceletion engine device uninstall\nprocess still use it to trace runtime information. This causes a use after\nfree problem.\n\nSo fixes it by check the instance register state to avoid use after free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d8355240cf8f",
"version_value": "12512bc8f25b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542"
},
{
"url": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0"
},
{
"url": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

114
2021/47xxx/CVE-2021-47597.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: fix kernel-infoleak for UDP sockets\n\nKMSAN reported a kernel-infoleak [1], that can exploited\nby unpriv users.\n\nAfter analysis it turned out UDP was not initializing\nr->idiag_expires. Other users of inet_sk_diag_fill()\nmight make the same mistake in the future, so fix this\nin inet_sk_diag_fill().\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]\nBUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:156 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n copyout lib/iov_iter.c:156 [inline]\n _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670\n copy_to_iter include/linux/uio.h:155 [inline]\n simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519\n __skb_datagram_iter+0x2cb/0x1280 net/core/datagram.c:425\n skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533\n skb_copy_datagram_msg include/linux/skbuff.h:3657 [inline]\n netlink_recvmsg+0x660/0x1c60 net/netlink/af_netlink.c:1974\n sock_recvmsg_nosec net/socket.c:944 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n sock_read_iter+0x5a9/0x630 net/socket.c:1035\n call_read_iter include/linux/fs.h:2156 [inline]\n new_sync_read fs/read_write.c:400 [inline]\n vfs_read+0x1631/0x1980 fs/read_write.c:481\n ksys_read+0x28c/0x520 fs/read_write.c:619\n __do_sys_read fs/read_write.c:629 [inline]\n __se_sys_read fs/read_write.c:627 [inline]\n __x64_sys_read+0xdb/0x120 fs/read_write.c:627\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n netlink_dump+0x3d5/0x16a0 net/netlink/af_netlink.c:2245\n __netlink_dump_start+0xd1c/0xee0 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:254 [inline]\n inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1343\n sock_diag_rcv_msg+0x24a/0x620\n netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491\n sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:276\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x1095/0x1360 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x16f3/0x1870 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:704 [inline]\n sock_sendmsg net/socket.c:724 [inline]\n sock_write_iter+0x594/0x690 net/socket.c:1057\n do_iter_readv_writev+0xa7f/0xc70\n do_iter_write+0x52c/0x1500 fs/read_write.c:851\n vfs_writev fs/read_write.c:924 [inline]\n do_writev+0x63f/0xe30 fs/read_write.c:967\n __do_sys_writev fs/read_write.c:1040 [inline]\n __se_sys_writev fs/read_write.c:1037 [inline]\n __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBytes 68-71 of 312 are uninitialized\nMemory access of size 312 starts at ffff88812ab54000\nData copied to user address 0000000020001440\n\nCPU: 1 PID: 6365 Comm: syz-executor801 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3c4d05c80567",
"version_value": "7b5596e53125"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7b5596e531253ce84213d9daa7120b71c9d83198",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7b5596e531253ce84213d9daa7120b71c9d83198"
},
{
"url": "https://git.kernel.org/stable/c/3a4f6dba1eb98101abc012ef968a8b10dac1ce50",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a4f6dba1eb98101abc012ef968a8b10dac1ce50"
},
{
"url": "https://git.kernel.org/stable/c/e5d28205bf1de7082d904ed277ceb2db2879e302",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e5d28205bf1de7082d904ed277ceb2db2879e302"
},
{
"url": "https://git.kernel.org/stable/c/71ddeac8cd1d217744a0e060ff520e147c9328d1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71ddeac8cd1d217744a0e060ff520e147c9328d1"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2021/47xxx/CVE-2021-47598.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_cake: do not call cake_destroy() from cake_init()\n\nqdiscs are not supposed to call their own destroy() method\nfrom init(), because core stack already does that.\n\nsyzbot was able to trigger use after free:\n\nDEBUG_LOCKS_WARN_ON(lock->magic != lock)\nWARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock_common kernel/locking/mutex.c:586 [inline]\nWARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740\nModules linked in:\nCPU: 0 PID: 21902 Comm: syz-executor189 Not tainted 5.16.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:__mutex_lock_common kernel/locking/mutex.c:586 [inline]\nRIP: 0010:__mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740\nCode: 08 84 d2 0f 85 19 08 00 00 8b 05 97 38 4b 04 85 c0 0f 85 27 f7 ff ff 48 c7 c6 20 00 ac 89 48 c7 c7 a0 fe ab 89 e8 bf 76 ba ff <0f> 0b e9 0d f7 ff ff 48 8b 44 24 40 48 8d b8 c8 08 00 00 48 89 f8\nRSP: 0018:ffffc9000627f290 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802315d700 RSI: ffffffff815f1db8 RDI: fffff52000c4fe44\nRBP: ffff88818f28e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffffff815ebb5e R11: 0000000000000000 R12: 0000000000000000\nR13: dffffc0000000000 R14: ffffc9000627f458 R15: 0000000093c30000\nFS: 0000555556abc400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fda689c3303 CR3: 000000001cfbb000 CR4: 0000000000350ef0\nCall Trace:\n <TASK>\n tcf_chain0_head_change_cb_del+0x2e/0x3d0 net/sched/cls_api.c:810\n tcf_block_put_ext net/sched/cls_api.c:1381 [inline]\n tcf_block_put_ext net/sched/cls_api.c:1376 [inline]\n tcf_block_put+0xbc/0x130 net/sched/cls_api.c:1394\n cake_destroy+0x3f/0x80 net/sched/sch_cake.c:2695\n qdisc_create.constprop.0+0x9da/0x10f0 net/sched/sch_api.c:1293\n tc_modify_qdisc+0x4c5/0x1980 net/sched/sch_api.c:1660\n rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5571\n netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2496\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:704 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:724\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2463\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f1bb06badb9\nCode: Unable to access opcode bytes at RIP 0x7f1bb06bad8f.\nRSP: 002b:00007fff3012a658 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1bb06badb9\nRDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000003\nR10: 0000000000000003 R11: 0000000000000246 R12: 00007fff3012a688\nR13: 00007fff3012a6a0 R14: 00007fff3012a6e0 R15: 00000000000013c2\n </TASK>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "046f6fd5daef",
"version_value": "4e388232e630"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4e388232e630ebe4f94b4a0715ec98c0e2b314a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e388232e630ebe4f94b4a0715ec98c0e2b314a3"
},
{
"url": "https://git.kernel.org/stable/c/0d80462fbdcafd536dcad7569e65d3d14a7e9f2f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d80462fbdcafd536dcad7569e65d3d14a7e9f2f"
},
{
"url": "https://git.kernel.org/stable/c/20ad1ef02f9ad5e1dda9eeb113e4c158b4806986",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/20ad1ef02f9ad5e1dda9eeb113e4c158b4806986"
},
{
"url": "https://git.kernel.org/stable/c/f6deae2e2d83bd267e1986f5d71d8c458e18fd99",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6deae2e2d83bd267e1986f5d71d8c458e18fd99"
},
{
"url": "https://git.kernel.org/stable/c/ab443c53916730862cec202078d36fd4008bea79",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ab443c53916730862cec202078d36fd4008bea79"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

82
2021/47xxx/CVE-2021-47599.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n btrfs_show_devname+0x108/0x1b4 [btrfs]\n show_mountinfo+0x234/0x2c4\n m_show+0x28/0x34\n seq_read_iter+0x12c/0x3c4\n vfs_read+0x29c/0x2c8\n ksys_read+0x80/0xec\n __arm64_sys_read+0x28/0x34\n invoke_syscall+0x50/0xf8\n do_el0_svc+0x88/0x138\n el0_svc+0x2c/0x8c\n el0t_64_sync_handler+0x84/0xe4\n el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "e342c2558016"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1"
},
{
"url": "https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

148
2021/47xxx/CVE-2021-47600.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm btree remove: fix use after free in rebalance_children()\n\nMove dm_tm_unlock() after dm_tm_dec()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "a48f6a2bf337"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6"
},
{
"url": "https://git.kernel.org/stable/c/66ea642af6fd4eacb5d0271a922130fcf8700424",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/66ea642af6fd4eacb5d0271a922130fcf8700424"
},
{
"url": "https://git.kernel.org/stable/c/b03abd0aa09c05099f537cb05b8460c4298f0861",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b03abd0aa09c05099f537cb05b8460c4298f0861"
},
{
"url": "https://git.kernel.org/stable/c/293f957be5e39720778fb1851ced7f5fba6d51c3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/293f957be5e39720778fb1851ced7f5fba6d51c3"
},
{
"url": "https://git.kernel.org/stable/c/501ecd90efdc9b2edc6c28852ecd098a4adf8f00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/501ecd90efdc9b2edc6c28852ecd098a4adf8f00"
},
{
"url": "https://git.kernel.org/stable/c/0e21e6cd5eebfc929ac5fa3b97ca2d4ace3cb6a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0e21e6cd5eebfc929ac5fa3b97ca2d4ace3cb6a3"
},
{
"url": "https://git.kernel.org/stable/c/607beb420b3fe23b948a9bf447d993521a02fbbb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/607beb420b3fe23b948a9bf447d993521a02fbbb"
},
{
"url": "https://git.kernel.org/stable/c/1b8d2789dad0005fd5e7d35dab26a8e1203fb6da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b8d2789dad0005fd5e7d35dab26a8e1203fb6da"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

103
2021/47xxx/CVE-2021-47601.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: amdtee: fix an IS_ERR() vs NULL bug\n\nThe __get_free_pages() function does not return error pointers it returns\nNULL so fix this condition to avoid a NULL dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "757cc3e9ff1d",
"version_value": "640e28d618e8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/640e28d618e82be78fb43b4bf5113bc90d6aa442",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/640e28d618e82be78fb43b4bf5113bc90d6aa442"
},
{
"url": "https://git.kernel.org/stable/c/832f3655c6138c23576ed268e31cc76e0f05f2b1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/832f3655c6138c23576ed268e31cc76e0f05f2b1"
},
{
"url": "https://git.kernel.org/stable/c/9d7482771fac8d8e38e763263f2ca0ca12dd22c6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9d7482771fac8d8e38e763263f2ca0ca12dd22c6"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

125
2021/47xxx/CVE-2021-47602.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: track only QoS data frames for admission control\n\nFor admission control, obviously all of that only works for\nQoS data frames, otherwise we cannot even access the QoS\nfield in the header.\n\nSyzbot reported (see below) an uninitialized value here due\nto a status of a non-QoS nullfunc packet, which isn't even\nlong enough to contain the QoS header.\n\nFix this to only do anything for QoS data packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "02219b3abca5",
"version_value": "69f054d6642c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682"
},
{
"url": "https://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b"
},
{
"url": "https://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f"
},
{
"url": "https://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9"
},
{
"url": "https://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

136
2021/47xxx/CVE-2021-47603.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: improve robustness of the audit queue handling\n\nIf the audit daemon were ever to get stuck in a stopped state the\nkernel's kauditd_thread() could get blocked attempting to send audit\nrecords to the userspace audit daemon. With the kernel thread\nblocked it is possible that the audit queue could grow unbounded as\ncertain audit record generating events must be exempt from the queue\nlimits else the system enter a deadlock state.\n\nThis patch resolves this problem by lowering the kernel thread's\nsocket sending timeout from MAX_SCHEDULE_TIMEOUT to HZ/10 and tweaks\nthe kauditd_send_queue() function to better manage the various audit\nqueues when connection problems occur between the kernel and the\naudit daemon. With this patch, the backlog may temporarily grow\nbeyond the defined limits when the audit daemon is stopped and the\nsystem is under heavy audit pressure, but kauditd_thread() will\ncontinue to make progress and drain the queues as it would for other\nconnection problems. For example, with the audit daemon put into a\nstopped state and the system configured to audit every syscall it\nwas still possible to shutdown the system without a kernel panic,\ndeadlock, etc.; granted, the system was slow to shutdown but that is\nto be expected given the extreme pressure of recording every syscall.\n\nThe timeout value of HZ/10 was chosen primarily through\nexperimentation and this developer's \"gut feeling\". There is likely\nno one perfect value, but as this scenario is limited in scope (root\nprivileges would be needed to send SIGSTOP to the audit daemon), it\nis likely not worth exposing this as a tunable at present. This can\nalways be done at a later date if it proves necessary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5b52330bbfe6",
"version_value": "75fdb751f847"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/75fdb751f84727d614deea0571a1490c3225d83a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/75fdb751f84727d614deea0571a1490c3225d83a"
},
{
"url": "https://git.kernel.org/stable/c/8389f50ceb854cb437fefb9330d5024ed3c7c1f5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8389f50ceb854cb437fefb9330d5024ed3c7c1f5"
},
{
"url": "https://git.kernel.org/stable/c/0d3277eabd542fb662be23696e5ec9f390d688e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d3277eabd542fb662be23696e5ec9f390d688e1"
},
{
"url": "https://git.kernel.org/stable/c/4cc6badff97f74d0fce65f9784b5df3b64e4250b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4cc6badff97f74d0fce65f9784b5df3b64e4250b"
},
{
"url": "https://git.kernel.org/stable/c/a5f4d17daf2e6cd7c1d9676b476147f6b4ac53f2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a5f4d17daf2e6cd7c1d9676b476147f6b4ac53f2"
},
{
"url": "https://git.kernel.org/stable/c/f4b3ee3c85551d2d343a3ba159304066523f730f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f4b3ee3c85551d2d343a3ba159304066523f730f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47604.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvduse: check that offset is within bounds in get_config()\n\nThis condition checks \"len\" but it does not check \"offset\" and that\ncould result in an out of bounds read if \"offset > dev->config_size\".\nThe problem is that since both variables are unsigned the\n\"dev->config_size - offset\" subtraction would result in a very high\nunsigned value.\n\nI think these checks might not be necessary because \"len\" and \"offset\"\nare supposed to already have been validated using the\nvhost_vdpa_config_validate() function. But I do not know the code\nperfectly, and I like to be safe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c8a6153b6c59",
"version_value": "ebbbc5fea3f6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ebbbc5fea3f648175df1aa3f127c78eb0252cc2a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ebbbc5fea3f648175df1aa3f127c78eb0252cc2a"
},
{
"url": "https://git.kernel.org/stable/c/dc1db0060c02d119fd4196924eff2d1129e9a442",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc1db0060c02d119fd4196924eff2d1129e9a442"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47605.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvduse: fix memory corruption in vduse_dev_ioctl()\n\nThe \"config.offset\" comes from the user. There needs to a check to\nprevent it being out of bounds. The \"config.offset\" and\n\"dev->config_size\" variables are both type u32. So if the offset if\nout of bounds then the \"dev->config_size - config.offset\" subtraction\nresults in a very high u32 value. The out of bounds offset can result\nin memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c8a6153b6c59",
"version_value": "e6c67560b434"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e6c67560b4341914bec32ec536e931c22062af65",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e6c67560b4341914bec32ec536e931c22062af65"
},
{
"url": "https://git.kernel.org/stable/c/ff9f9c6e74848170fcb45c8403c80d661484c8c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ff9f9c6e74848170fcb45c8403c80d661484c8c9"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

148
2021/47xxx/CVE-2021-47606.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netlink: af_netlink: Prevent empty skb by adding a check on len.\n\nAdding a check on len parameter to avoid empty skb. This prevents a\ndivision error in netem_enqueue function which is caused when skb->len=0\nand skb->data_len=0 in the randomized corruption step as shown below.\n\nskb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8);\n\nCrash Report:\n[ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family\n0 port 6081 - 0\n[ 343.216110] netem: version 1.3\n[ 343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[ 343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+\n[ 343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.11.0-2.el7 04/01/2014\n[ 343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]\n[ 343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff\nff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f\n74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03\n[ 343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246\n[ 343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:\n0000000000000000\n[ 343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:\nffff88800f8eda40\n[ 343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:\nffffffff94fb8445\n[ 343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:\n0000000000000000\n[ 343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:\n0000000000000020\n[ 343.247291] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000)\nknlGS:0000000000000000\n[ 343.248350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:\n00000000000006e0\n[ 343.250076] Call Trace:\n[ 343.250423] <TASK>\n[ 343.250713] ? memcpy+0x4d/0x60\n[ 343.251162] ? netem_init+0xa0/0xa0 [sch_netem]\n[ 343.251795] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.252443] netem_enqueue+0xe28/0x33c0 [sch_netem]\n[ 343.253102] ? stack_trace_save+0x87/0xb0\n[ 343.253655] ? filter_irq_stacks+0xb0/0xb0\n[ 343.254220] ? netem_init+0xa0/0xa0 [sch_netem]\n[ 343.254837] ? __kasan_check_write+0x14/0x20\n[ 343.255418] ? _raw_spin_lock+0x88/0xd6\n[ 343.255953] dev_qdisc_enqueue+0x50/0x180\n[ 343.256508] __dev_queue_xmit+0x1a7e/0x3090\n[ 343.257083] ? netdev_core_pick_tx+0x300/0x300\n[ 343.257690] ? check_kcov_mode+0x10/0x40\n[ 343.258219] ? _raw_spin_unlock_irqrestore+0x29/0x40\n[ 343.258899] ? __kasan_init_slab_obj+0x24/0x30\n[ 343.259529] ? setup_object.isra.71+0x23/0x90\n[ 343.260121] ? new_slab+0x26e/0x4b0\n[ 343.260609] ? kasan_poison+0x3a/0x50\n[ 343.261118] ? kasan_unpoison+0x28/0x50\n[ 343.261637] ? __kasan_slab_alloc+0x71/0x90\n[ 343.262214] ? memcpy+0x4d/0x60\n[ 343.262674] ? write_comp_data+0x2f/0x90\n[ 343.263209] ? __kasan_check_write+0x14/0x20\n[ 343.263802] ? __skb_clone+0x5d6/0x840\n[ 343.264329] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.264958] dev_queue_xmit+0x1c/0x20\n[ 343.265470] netlink_deliver_tap+0x652/0x9c0\n[ 343.266067] netlink_unicast+0x5a0/0x7f0\n[ 343.266608] ? netlink_attachskb+0x860/0x860\n[ 343.267183] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.267820] ? write_comp_data+0x2f/0x90\n[ 343.268367] netlink_sendmsg+0x922/0xe80\n[ 343.268899] ? netlink_unicast+0x7f0/0x7f0\n[ 343.269472] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.270099] ? write_comp_data+0x2f/0x90\n[ 343.270644] ? netlink_unicast+0x7f0/0x7f0\n[ 343.271210] sock_sendmsg+0x155/0x190\n[ 343.271721] ____sys_sendmsg+0x75f/0x8f0\n[ 343.272262] ? kernel_sendmsg+0x60/0x60\n[ 343.272788] ? write_comp_data+0x2f/0x90\n[ 343.273332] ? write_comp_data+0x2f/0x90\n[ 343.273869] ___sys_sendmsg+0x10f/0x190\n[ 343.274405] ? sendmsg_copy_msghdr+0x80/0x80\n[ 343.274984] ? slab_post_alloc_hook+0x70/0x230\n[ 343.275597] ? futex_wait_setup+0x240/0x240\n[ 343.276175] ? security_file_alloc+0x3e/0x170\n[ 343.276779] ? write_comp_d\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "c54a60c8fbaa"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.167",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.87",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.10",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010"
},
{
"url": "https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6"
},
{
"url": "https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced"
},
{
"url": "https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41"
},
{
"url": "https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51"
},
{
"url": "https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5"
},
{
"url": "https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35"
},
{
"url": "https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47607.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47607",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg\n\nThe implementation of BPF_CMPXCHG on a high level has the following parameters:\n\n .-[old-val] .-[new-val]\n BPF_R0 = cmpxchg{32,64}(DST_REG + insn->off, BPF_R0, SRC_REG)\n `-[mem-loc] `-[old-val]\n\nGiven a BPF insn can only have two registers (dst, src), the R0 is fixed and\nused as an auxilliary register for input (old value) as well as output (returning\nold value from memory location). While the verifier performs a number of safety\nchecks, it misses to reject unprivileged programs where R0 contains a pointer as\nold value.\n\nThrough brute-forcing it takes about ~16sec on my machine to leak a kernel pointer\nwith BPF_CMPXCHG. The PoC is basically probing for kernel addresses by storing the\nguessed address into the map slot as a scalar, and using the map value pointer as\nR0 while SRC_REG has a canary value to detect a matching address.\n\nFix it by checking R0 for pointers, and reject if that's the case for unprivileged\nprograms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5ffa25502b5a",
"version_value": "f87a6c160ecc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f87a6c160ecc8c7b417d25f508d3f076fe346136",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f87a6c160ecc8c7b417d25f508d3f076fe346136"
},
{
"url": "https://git.kernel.org/stable/c/a82fe085f344ef20b452cd5f481010ff96b5c4cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a82fe085f344ef20b452cd5f481010ff96b5c4cd"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47608.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix kernel address leakage in atomic fetch\n\nThe change in commit 37086bfdc737 (\"bpf: Propagate stack bounds to registers\nin atomics w/ BPF_FETCH\") around check_mem_access() handling is buggy since\nthis would allow for unprivileged users to leak kernel pointers. For example,\nan atomic fetch/and with -1 on a stack destination which holds a spilled\npointer will migrate the spilled register type into a scalar, which can then\nbe exported out of the program (since scalar != pointer) by dumping it into\na map value.\n\nThe original implementation of XADD was preventing this situation by using\na double call to check_mem_access() one with BPF_READ and a subsequent one\nwith BPF_WRITE, in both cases passing -1 as a placeholder value instead of\nregister as per XADD semantics since it didn't contain a value fetch. The\nBPF_READ also included a check in check_stack_read_fixed_off() which rejects\nthe program if the stack slot is of __is_pointer_value() if dst_regno < 0.\nThe latter is to distinguish whether we're dealing with a regular stack spill/\nfill or some arithmetical operation which is disallowed on non-scalars, see\nalso 6e7e63cbb023 (\"bpf: Forbid XADD on spilled pointers for unprivileged\nusers\") for more context on check_mem_access() and its handling of placeholder\nvalue -1.\n\nOne minimally intrusive option to fix the leak is for the BPF_FETCH case to\ninitially check the BPF_READ case via check_mem_access() with -1 as register,\nfollowed by the actual load case with non-negative load_reg to propagate\nstack bounds to registers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "37086bfdc737",
"version_value": "423628125a48"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/423628125a484538111c2c6d9bb1588eb086053b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/423628125a484538111c2c6d9bb1588eb086053b"
},
{
"url": "https://git.kernel.org/stable/c/7d3baf0afa3aa9102d6a521a8e4c41888bb79882",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7d3baf0afa3aa9102d6a521a8e4c41888bb79882"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

157
2021/47xxx/CVE-2021-47609.json Normal file
View File

@ -0,0 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-47609",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Fix string overflow in SCPI genpd driver\n\nWithout the bound checks for scpi_pd->name, it could result in the buffer\noverflow when copying the SCPI device name from the corresponding device\ntree node as the name string is set at maximum size of 30.\n\nLet us fix it by using devm_kasprintf so that the string buffer is\nallocated dynamically."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8bec4337ad40",
"version_value": "639901b9429a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538"
},
{
"url": "https://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672"
},
{
"url": "https://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb"
},
{
"url": "https://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719"
},
{
"url": "https://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d"
},
{
"url": "https://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e"
},
{
"url": "https://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7fd08945",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7fd08945"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

92
2021/47xxx/CVE-2021-47610.json Normal file
View File

@ -0,0 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-47610",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix null ptr access msm_ioctl_gem_submit()\n\nFix the below null pointer dereference in msm_ioctl_gem_submit():\n\n 26545.260705: Call trace:\n 26545.263223: kref_put+0x1c/0x60\n 26545.266452: msm_ioctl_gem_submit+0x254/0x744\n 26545.270937: drm_ioctl_kernel+0xa8/0x124\n 26545.274976: drm_ioctl+0x21c/0x33c\n 26545.278478: drm_compat_ioctl+0xdc/0xf0\n 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100\n 26545.287169: el0_svc_common+0xf8/0x250\n 26545.291025: do_el0_svc_compat+0x28/0x54\n 26545.295066: el0_svc_compat+0x10/0x1c\n 26545.298838: el0_sync_compat_handler+0xa8/0xcc\n 26545.303403: el0_sync_compat+0x188/0x1c0\n 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008)\n 26545.318799: Kernel panic - not syncing: Oops: Fatal exception"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "f6db3d98f876"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.10",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f6db3d98f876870c35e96693cfd54752f6199e59",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f6db3d98f876870c35e96693cfd54752f6199e59"
},
{
"url": "https://git.kernel.org/stable/c/26d776fd0f79f093a5d0ce1a4c7c7a992bc3264c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/26d776fd0f79f093a5d0ce1a4c7c7a992bc3264c"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

135
2021/47xxx/CVE-2021-47611.json Normal file
View File

@ -0,0 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-47611",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: validate extended element ID is present\n\nBefore attempting to parse an extended element, verify that\nthe extended element ID is present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "41cbb0f5a295",
"version_value": "03029bb044cc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.168",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.88",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.11",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/03029bb044ccee60adbc93e70713f3ae58abc3a1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03029bb044ccee60adbc93e70713f3ae58abc3a1"
},
{
"url": "https://git.kernel.org/stable/c/a19cf6844b509d44ecbd536f33d314d91ecdd2b5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a19cf6844b509d44ecbd536f33d314d91ecdd2b5"
},
{
"url": "https://git.kernel.org/stable/c/7fd214fc7f2ee3a89f91e717e3cfad55f5a27045",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7fd214fc7f2ee3a89f91e717e3cfad55f5a27045"
},
{
"url": "https://git.kernel.org/stable/c/c62b16f98688ae7bc0ab23a6490481f4ce9b3a49",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c62b16f98688ae7bc0ab23a6490481f4ce9b3a49"
},
{
"url": "https://git.kernel.org/stable/c/768c0b19b50665e337c96858aa2b7928d6dcf756",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/768c0b19b50665e337c96858aa2b7928d6dcf756"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

158
2021/47xxx/CVE-2021-47612.json Normal file
View File

@ -0,0 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-47612",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix segfault in nfc_genl_dump_devices_done\n\nWhen kmalloc in nfc_genl_dump_devices() fails then\nnfc_genl_dump_devices_done() segfaults as below\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:klist_iter_exit+0x26/0x80\nCall Trace:\n<TASK>\nclass_dev_iter_exit+0x15/0x20\nnfc_genl_dump_devices_done+0x3b/0x50\ngenl_lock_done+0x84/0xd0\nnetlink_sock_destruct+0x8f/0x270\n__sk_destruct+0x64/0x3b0\nsk_destruct+0xa8/0xd0\n__sk_free+0x2e8/0x3d0\nsk_free+0x51/0x90\nnetlink_sock_destruct_work+0x1c/0x20\nprocess_one_work+0x411/0x710\nworker_thread+0x6fd/0xa80"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "ea55b3797878"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.296",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.294",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.259",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.222",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.167",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.87",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.10",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34"
},
{
"url": "https://git.kernel.org/stable/c/214af18abbe39db05beb305b2d11e87d09a6529c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/214af18abbe39db05beb305b2d11e87d09a6529c"
},
{
"url": "https://git.kernel.org/stable/c/6644989642844de830f9b072cd65c553cb55946c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6644989642844de830f9b072cd65c553cb55946c"
},
{
"url": "https://git.kernel.org/stable/c/2a8845b9603c545fddd17862282dc4c4ce0971e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2a8845b9603c545fddd17862282dc4c4ce0971e3"
},
{
"url": "https://git.kernel.org/stable/c/d731ecc6f2eaec68f4ad1542283bbc7d07bd0112",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d731ecc6f2eaec68f4ad1542283bbc7d07bd0112"
},
{
"url": "https://git.kernel.org/stable/c/c602863ad28ec86794cb4ab4edea5324f555f181",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c602863ad28ec86794cb4ab4edea5324f555f181"
},
{
"url": "https://git.kernel.org/stable/c/d89e4211b51752daf063d638af50abed2fd5f96d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d89e4211b51752daf063d638af50abed2fd5f96d"
},
{
"url": "https://git.kernel.org/stable/c/fd79a0cbf0b2e34bcc45b13acf962e2032a82203",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd79a0cbf0b2e34bcc45b13acf962e2032a82203"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

102
2021/47xxx/CVE-2021-47613.json Normal file
View File

@ -0,0 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-47613",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: virtio: fix completion handling\n\nThe driver currently assumes that the notify callback is only received\nwhen the device is done with all the queued buffers.\n\nHowever, this is not true, since the notify callback could be called\nwithout any of the queued buffers being completed (for example, with\nvirtio-pci and shared interrupts) or with only some of the buffers being\ncompleted (since the driver makes them available to the device in\nmultiple separate virtqueue_add_sgs() calls).\n\nThis can lead to incorrect data on the I2C bus or memory corruption in\nthe guest if the device operates on buffers which are have been freed by\nthe driver. (The WARN_ON in the driver is also triggered.)\n\n BUG kmalloc-128 (Tainted: G W ): Poison overwritten\n First byte 0x0 instead of 0x6b\n Allocated in i2cdev_ioctl_rdwr+0x9d/0x1de age=243 cpu=0 pid=28\n \tmemdup_user+0x2e/0xbd\n \ti2cdev_ioctl_rdwr+0x9d/0x1de\n \ti2cdev_ioctl+0x247/0x2ed\n \tvfs_ioctl+0x21/0x30\n \tsys_ioctl+0xb18/0xb41\n Freed in i2cdev_ioctl_rdwr+0x1bb/0x1de age=68 cpu=0 pid=28\n \tkfree+0x1bd/0x1cc\n \ti2cdev_ioctl_rdwr+0x1bb/0x1de\n \ti2cdev_ioctl+0x247/0x2ed\n \tvfs_ioctl+0x21/0x30\n \tsys_ioctl+0xb18/0xb41\n\nFix this by calling virtio_get_buf() from the notify handler like other\nvirtio drivers and by actually waiting for all the buffers to be\ncompleted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3cfc88380413",
"version_value": "9cbb957441ed"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.10",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9cbb957441ed8873577d7d313a3d79d69f1dad5c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9cbb957441ed8873577d7d313a3d79d69f1dad5c"
},
{
"url": "https://git.kernel.org/stable/c/b503de239f62eca898cfb7e820d9a35499137d22",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b503de239f62eca898cfb7e820d9a35499137d22"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

102
2021/47xxx/CVE-2021-47614.json Normal file
View File

@ -0,0 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-47614",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix a user-after-free in add_pble_prm\n\nWhen irdma_hmc_sd_one fails, 'chunk' is freed while its still on the PBLE\ninfo list.\n\nAdd the chunk entry to the PBLE info list only after successful setting of\nthe SD in irdma_hmc_sd_one."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e8c4dbc2fcac",
"version_value": "11eebcf63e98"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.10",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/11eebcf63e98fcf047a876a51d76afdabc3b8b9b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/11eebcf63e98fcf047a876a51d76afdabc3b8b9b"
},
{
"url": "https://git.kernel.org/stable/c/1e11a39a82e95ce86f849f40dda0d9c0498cebd9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e11a39a82e95ce86f849f40dda0d9c0498cebd9"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

113
2021/47xxx/CVE-2021-47615.json Normal file
View File

@ -0,0 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-47615",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n debug_dma_unmap_page+0x57/0x60\n mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n ib_dereg_mr_user+0x60/0x140 [ib_core]\n uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n uobj_destroy+0x3f/0x80 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n ? lock_acquire+0xc4/0x2e0\n ? lock_acquired+0x12/0x380\n ? lock_acquire+0xc4/0x2e0\n ? lock_acquire+0xc4/0x2e0\n ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n ? lock_release+0x28a/0x400\n ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n __x64_sys_ioctl+0x7f/0xb0\n do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n in case there isn't udata, which indicates that this isn't a user MR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f18ec4223117",
"version_value": "e3bc4d4b50ca"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.10",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.14",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701"
},
{
"url": "https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9"
},
{
"url": "https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

18
2021/47xxx/CVE-2021-47616.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47616",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47617.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47617",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47618.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

85
2022/45xxx/CVE-2022-45832.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hennessey Digital",
"product": {
"product_data": [
{
"product_name": "Attorney",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/attorney/wordpress-attorney-theme-3-unauth-arbitrary-content-deletion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/attorney/wordpress-attorney-theme-3-unauth-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dave Jong (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/25xxx/CVE-2023-25697.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25697",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GamiPress",
"product": {
"product_data": [
{
"product_name": "GamiPress",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.5.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.5.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-6-csrf-leading-to-settings-change-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-6-csrf-leading-to-settings-change-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.5.7 or a higher version."
}
],
"value": "Update to 2.5.7 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Dave Jong (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/36xxx/CVE-2023-36515.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ThimPress",
"product": {
"product_data": [
{
"product_name": "LearnPress",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.2.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-3-unauthenticated-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-3-unauthenticated-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.2.3.1 or a higher version."
}
],
"value": "Update to 4.2.3.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/36xxx/CVE-2023-36516.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36516",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ThimPress",
"product": {
"product_data": [
{
"product_name": "LearnPress",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.2.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-3-authenticated-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-3-authenticated-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.2.3.1 or a higher version."
}
],
"value": "Update to 4.2.3.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/38xxx/CVE-2023-38393.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Saturday Drive",
"product": {
"product_data": [
{
"product_name": "Ninja Forms",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.6.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-subscriber-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-subscriber-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.6.26 or a higher version."
}
],
"value": "Update to 3.6.26 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/38xxx/CVE-2023-38394.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from 3.0.0 through 3.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Artbees",
"product": {
"product_data": [
{
"product_name": "JupiterX Core",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.3.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-multiple-subscriber-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-multiple-subscriber-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.3.5 or a higher version."
}
],
"value": "Update to 3.3.5 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/39xxx/CVE-2023-39310.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ThemeFusion",
"product": {
"product_data": [
{
"product_name": "Fusion Builder",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.11.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-authenticated-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-authenticated-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.11.2 or a higher version."
}
],
"value": "Update to 3.11.2 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/39xxx/CVE-2023-39312.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39312",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ThemeFusion",
"product": {
"product_data": [
{
"product_name": "Avada",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "7.11.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-author-unrestricted-zip-extraction-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-author-unrestricted-zip-extraction-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 7.11.2 or a higher version."
}
],
"value": "Update to 7.11.2 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

77
2024/22xxx/CVE-2024-22263.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromises the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper sanitization for upload path"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Spring by VMware Tanzu",
"product": {
"product_data": [
{
"product_name": "Spring Cloud Skipper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.11.0 - 2.11.2, 2.10.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://spring.io/security/cve-2024-22263",
"refsource": "MISC",
"name": "https://spring.io/security/cve-2024-22263"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

113
2024/34xxx/CVE-2024-34443.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before 6.7.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ThemePunch OHG",
"product": {
"product_data": [
{
"product_name": "Slider Revolution",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.7.11",
"status": "unaffected"
}
],
"lessThan": "6.7.11",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/revslider/wordpress-slider-revolution-plugin-6-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/revslider/wordpress-slider-revolution-plugin-6-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 6.7.11 or a higher version."
}
],
"value": "Update to 6.7.11 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

5
2024/38xxx/CVE-2024-38439.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/Netatalk/netatalk/issues/1096",
"refsource": "MISC",
"name": "https://github.com/Netatalk/netatalk/issues/1096"
},
{
"refsource": "MISC",
"name": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316",
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"
}
]
}

7
2024/38xxx/CVE-2024-38440.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c."
"value": "Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: \"afpd\", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 \"\", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).'"
}
]
},
@ -56,6 +56,11 @@
"url": "https://github.com/Netatalk/netatalk/issues/1097",
"refsource": "MISC",
"name": "https://github.com/Netatalk/netatalk/issues/1097"
},
{
"refsource": "MISC",
"name": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200",
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"
}
]
}

7
2024/38xxx/CVE-2024-38441.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\\0' in FPMapName in afp_mapname in etc/afp/directory.c."
"value": "Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\\0' in FPMapName in afp_mapname in etc/afpd/directory.c."
}
]
},
@ -56,6 +56,11 @@
"url": "https://github.com/Netatalk/netatalk/issues/1098",
"refsource": "MISC",
"name": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"refsource": "MISC",
"name": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333",
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
}
]
}

18
2024/6xxx/CVE-2024-6163.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6164.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6165.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}