From 8fd35f45b1a7535c1c251878d6527a8740d34763 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 2 Apr 2024 09:01:44 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/52xxx/CVE-2023-52605.json | 144 ++++++++++++++++++++++++++++++++-
 2024/0xxx/CVE-2024-0044.json | 18 +----
 2 files changed, 143 insertions(+), 19 deletions(-)
diff --git a/2023/52xxx/CVE-2023-52605.json b/2023/52xxx/CVE-2023-52605.json
index b0c2a78fea8..c5058121d9e 100644
--- a/2023/52xxx/CVE-2023-52605.json
+++ b/2023/52xxx/CVE-2023-52605.json
@@ -5,14 +5,154 @@ "CVE_data_meta": { "ID": "CVE-2023-52605", "ASSIGNER": "cve@kernel.org", - "STATE": "REJECT" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: extlog: fix NULL pointer dereference check\n\nThe gcc plugin -fanalyzer [1] tries to detect various\npatterns of incorrect behaviour. The tool reports:\n\ndrivers/acpi/acpi_extlog.c: In function \u2018extlog_exit\u2019:\ndrivers/acpi/acpi_extlog.c:307:12: warning: check of \u2018extlog_l1_addr\u2019 for NULL after already dereferencing it [-Wanalyzer-deref-before-check]\n |\n | 306 | ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;\n | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~\n | | |\n | | (1) pointer \u2018extlog_l1_addr\u2019 is dereferenced here\n | 307 | if (extlog_l1_addr)\n | | ~\n | | |\n | | (2) pointer \u2018extlog_l1_addr\u2019 is checked for NULL here but it was already dereferenced at (1)\n |\n\nFix the NULL pointer dereference check in extlog_exit()." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "b7b33627be06" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.307", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.269", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.77", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.16", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.4", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b7b33627be0626b16ca321b982d6a2261ef7f703", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b7b33627be0626b16ca321b982d6a2261ef7f703" + }, + { + "url": "https://git.kernel.org/stable/c/d2049af7ddbc361702c3e1f09bd6c5e9488454ca", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d2049af7ddbc361702c3e1f09bd6c5e9488454ca" + }, + { + "url": 
"https://git.kernel.org/stable/c/b17a71435e7e153e949df018244a98b4ede04069", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b17a71435e7e153e949df018244a98b4ede04069" + }, + { + "url": "https://git.kernel.org/stable/c/5457b0cbaa0238fc56b855c4ef2c0b9cc9c559ab", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5457b0cbaa0238fc56b855c4ef2c0b9cc9c559ab" + }, + { + "url": "https://git.kernel.org/stable/c/33650372e3ead97c5ab3b84d9ad97737bc5e00c0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/33650372e3ead97c5ab3b84d9ad97737bc5e00c0" + }, + { + "url": "https://git.kernel.org/stable/c/f066171de33d71ff0f7c46bd17636a5a26db3fb6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f066171de33d71ff0f7c46bd17636a5a26db3fb6" + }, + { + "url": "https://git.kernel.org/stable/c/77846571b3ba6a6125a20ad109bb8514ba884cf9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/77846571b3ba6a6125a20ad109bb8514ba884cf9" + }, + { + "url": "https://git.kernel.org/stable/c/72d9b9747e78979510e9aafdd32eb99c7aa30dd1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/72d9b9747e78979510e9aafdd32eb99c7aa30dd1" + } + ] + }, + "generator": { + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/0xxx/CVE-2024-0044.json b/2024/0xxx/CVE-2024-0044.json index 00f92e49633..d08ad2fc56f 100644 --- a/2024/0xxx/CVE-2024-0044.json +++ b/2024/0xxx/CVE-2024-0044.json 
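Review bot: The added `problemtype` block carries `"value": "n/a"` although the description added in this same hunk names the weakness, a NULL check placed after the pointer has already been dereferenced in `extlog_exit()`. Consumers that triage or filter records by CWE will leave this entry unclassified; a value such as `"CWE-476 NULL Pointer Dereference"` would match the description, subject to the assigning CNA's agreement. Separately, the down-converted `version_data` entry (`version_name` `1da177e4c3f4`, `version_value` `b7b33627be06`) appears to name only one of the eight referenced fix commits, so matching tools should read the per-branch fixed versions under `x_cve_json_5_version_data` rather than the legacy range.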
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ "value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -74,23 +74,7 @@
 "url": "https://source.android.com/security/bulletin/2024-03-01",
 "refsource": "MISC",
 "name": "https://source.android.com/security/bulletin/2024-03-01"
- },
- {
- "url": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html",
- "refsource": "MISC",
- "name": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html"
- },
- {
- "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2",
- "refsource": "MISC",
- "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2"
 }
 ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file