admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 11:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-26 02:02:01 +00:00
parent 11516bb539
commit b5c18b369e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 727 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
2022/49xxx/CVE-2022-49149.json
View File

@ -1,18 +1,135 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-49149", "ID": "CVE-2022-49149",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix call timer start racing with call destruction\n\nThe rxrpc_call struct has a timer used to handle various timed events\nrelating to a call. This timer can get started from the packet input\nroutines that are run in softirq mode with just the RCU read lock held.\nUnfortunately, because only the RCU read lock is held - and neither ref or\nother lock is taken - the call can start getting destroyed at the same time\na packet comes in addressed to that call. This causes the timer - which\nwas already stopped - to get restarted. Later, the timer dispatch code may\nthen oops if the timer got deallocated first.\n\nFix this by trying to take a ref on the rxrpc_call struct and, if\nsuccessful, passing that ref along to the timer. If the timer was already\nrunning, the ref is discarded.\n\nThe timer completion routine can then pass the ref along to the call's work\nitem when it queues it. If the timer or work item where already\nqueued/running, the extra ref is discarded."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a158bdd3247b9656df36ba133235fff702e9fdc3",
"version_value": "051360e51341cd17738d82c15a8226010c7cb7f6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/051360e51341cd17738d82c15a8226010c7cb7f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/051360e51341cd17738d82c15a8226010c7cb7f6"
},
{
"url": "https://git.kernel.org/stable/c/8cbf4ae7a2833767d63114573e5f9a45740cc975",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8cbf4ae7a2833767d63114573e5f9a45740cc975"
},
{
"url": "https://git.kernel.org/stable/c/54df5a37f1d951ed27fd47bf9b15a42279582110",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/54df5a37f1d951ed27fd47bf9b15a42279582110"
},
{
"url": "https://git.kernel.org/stable/c/5e3c11144e557a9dbf9a2f6abe444689ef9d8aae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5e3c11144e557a9dbf9a2f6abe444689ef9d8aae"
},
{
"url": "https://git.kernel.org/stable/c/4a7f62f91933c8ae5308f9127fd8ea48188b6bc3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4a7f62f91933c8ae5308f9127fd8ea48188b6bc3"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
} }
} }

92
2022/49xxx/CVE-2022-49150.json
View File

@ -1,18 +1,102 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-49150", "ID": "CVE-2022-49150",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, We should use of_node_put() on it when done\nAdd the missing of_node_put() to release the refcount."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "86559400b3ef9de93ba50523cffe767c35cd531a",
"version_value": "de66e4f28dfd11f954966c447b4430529ed040a2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/de66e4f28dfd11f954966c447b4430529ed040a2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de66e4f28dfd11f954966c447b4430529ed040a2"
},
{
"url": "https://git.kernel.org/stable/c/4b2dc39ca024990abe36ad5d145c4fe0c06afd34",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4b2dc39ca024990abe36ad5d145c4fe0c06afd34"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
} }
} }

158
2022/49xxx/CVE-2022-49151.json
View File

@ -1,18 +1,168 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-49151", "ID": "CVE-2022-49151",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. We should check that in endpoint is actually present to\nprevent this warning.\n\nFound pipes are now saved to struct mcba_priv and code uses them\ndirectly instead of making pipes in place.\n\nFail log:\n\n| usb 5-1: BOGUS urb xfer, pipe 3 != type 1\n| WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| Modules linked in:\n| CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0\n| Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\n| Workqueue: usb_hub_wq hub_event\n| RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| ...\n| Call Trace:\n| <TASK>\n| mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline]\n| mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858\n| usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n| call_driver_probe drivers/base/dd.c:517 [inline]"
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"version_value": "5598442edc29e8f6f2380e4b471dc1a3fcd80508"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.276",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.238",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.189",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5598442edc29e8f6f2380e4b471dc1a3fcd80508",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5598442edc29e8f6f2380e4b471dc1a3fcd80508"
},
{
"url": "https://git.kernel.org/stable/c/b48d1bb3f1ca337ad653022aefb5a40a47dfe5cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b48d1bb3f1ca337ad653022aefb5a40a47dfe5cd"
},
{
"url": "https://git.kernel.org/stable/c/cbd110b8dd7ad763bf413f71c0484116ae9302d4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cbd110b8dd7ad763bf413f71c0484116ae9302d4"
},
{
"url": "https://git.kernel.org/stable/c/ef0acc514123140157b19a9ff2e2de5d91d612bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ef0acc514123140157b19a9ff2e2de5d91d612bc"
},
{
"url": "https://git.kernel.org/stable/c/fa9c1f14002dc0d5293e16a2007bd89b6e79207b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa9c1f14002dc0d5293e16a2007bd89b6e79207b"
},
{
"url": "https://git.kernel.org/stable/c/88272b4a37913bdf6f339162a7920bd8e9b49de2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/88272b4a37913bdf6f339162a7920bd8e9b49de2"
},
{
"url": "https://git.kernel.org/stable/c/f2ec3cd0f34f8c3f94bc21fbba14868301c9c49d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f2ec3cd0f34f8c3f94bc21fbba14868301c9c49d"
},
{
"url": "https://git.kernel.org/stable/c/136bed0bfd3bc9c95c88aafff2d22ecb3a919f23",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/136bed0bfd3bc9c95c88aafff2d22ecb3a919f23"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
} }
} }

136
2022/49xxx/CVE-2022-49152.json
View File

@ -1,18 +1,146 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-49152", "ID": "CVE-2022-49152",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nXArray: Fix xas_create_range() when multi-order entry present\n\nIf there is already an entry present that is of order >= XA_CHUNK_SHIFT\nwhen we call xas_create_range(), xas_create_range() will misinterpret\nthat entry as a node and dereference xa_node->parent, generally leading\nto a crash that looks something like this:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001:\n0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 32 Comm: khugepaged Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13 #0\nRIP: 0010:xa_parent_locked include/linux/xarray.h:1207 [inline]\nRIP: 0010:xas_create_range+0x2d9/0x6e0 lib/xarray.c:725\n\nIt's deterministically reproducable once you know what the problem is,\nbut producing it in a live kernel requires khugepaged to hit a race.\nWhile the problem has been present since xas_create_range() was\nintroduced, I'm not aware of a way to hit it before the page cache was\nconverted to use multi-index entries."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3",
"version_value": "3e2852eda19ee1a400cd809d7a9322680f34a262"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.189",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3e2852eda19ee1a400cd809d7a9322680f34a262",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3e2852eda19ee1a400cd809d7a9322680f34a262"
},
{
"url": "https://git.kernel.org/stable/c/1ac49c8fd49fdf53d3cd8b77eb8ffda08d7fbe22",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ac49c8fd49fdf53d3cd8b77eb8ffda08d7fbe22"
},
{
"url": "https://git.kernel.org/stable/c/7521a97b1929042604bef6859f62fa8b4bbc077b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7521a97b1929042604bef6859f62fa8b4bbc077b"
},
{
"url": "https://git.kernel.org/stable/c/29968329b926d238e3107ec071a250397555d264",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/29968329b926d238e3107ec071a250397555d264"
},
{
"url": "https://git.kernel.org/stable/c/18f13edf3424b3b61814b69d5269b2e14584800c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/18f13edf3424b3b61814b69d5269b2e14584800c"
},
{
"url": "https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
} }
} }

125
2022/49xxx/CVE-2022-49153.json
View File

@ -1,18 +1,135 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-49153", "ID": "CVE-2022-49153",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: socket: free skb in send6 when ipv6 is disabled\n\nI got a memory leak report:\n\nunreferenced object 0xffff8881191fc040 (size 232):\n comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (age 3464.870s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff814c3ef4>] slab_post_alloc_hook+0x84/0x3b0\n [<ffffffff814c8977>] kmem_cache_alloc_node+0x167/0x340\n [<ffffffff832974fb>] __alloc_skb+0x1db/0x200\n [<ffffffff82612b5d>] wg_socket_send_buffer_to_peer+0x3d/0xc0\n [<ffffffff8260e94a>] wg_packet_send_handshake_initiation+0xfa/0x110\n [<ffffffff8260ec81>] wg_packet_handshake_send_worker+0x21/0x30\n [<ffffffff8119c558>] process_one_work+0x2e8/0x770\n [<ffffffff8119ca2a>] worker_thread+0x4a/0x4b0\n [<ffffffff811a88e0>] kthread+0x120/0x160\n [<ffffffff8100242f>] ret_from_fork+0x1f/0x30\n\nIn function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_\nbuffer_to_peer(), the semantics of send6() is required to free skb. But\nwhen CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it\nto fix this bug."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"version_value": "096f9d35cac0a0c95ffafc00db84786b665a4837"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837"
},
{
"url": "https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258"
},
{
"url": "https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1"
},
{
"url": "https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726"
},
{
"url": "https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
} }
} }

115
2022/49xxx/CVE-2022-49154.json
View File

@ -1,18 +1,125 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-49154", "ID": "CVE-2022-49154",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: fix panic on out-of-bounds guest IRQ\n\nAs guest_irq is coming from KVM_IRQFD API call, it may trigger\ncrash in svm_update_pi_irte() due to out-of-bounds:\n\ncrash> bt\nPID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: \"vcpu8\"\n #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397\n #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d\n #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d\n #3 [ffffb1ba6707fb70] oops_end at ffffffff85623c0d\n #4 [ffffb1ba6707fb90] no_context at ffffffff856692c9\n #5 [ffffb1ba6707fbf8] exc_page_fault at ffffffff85f95b51\n #6 [ffffb1ba6707fc50] asm_exc_page_fault at ffffffff86000ace\n [exception RIP: svm_update_pi_irte+227]\n RIP: ffffffffc0761b53 RSP: ffffb1ba6707fd08 RFLAGS: 00010086\n RAX: ffffb1ba6707fd78 RBX: ffffb1ba66d91000 RCX: 0000000000000001\n RDX: 00003c803f63f1c0 RSI: 000000000000019a RDI: ffffb1ba66db2ab8\n RBP: 000000000000019a R8: 0000000000000040 R9: ffff94ca41b82200\n R10: ffffffffffffffcf R11: 0000000000000001 R12: 0000000000000001\n R13: 0000000000000001 R14: ffffffffffffffcf R15: 000000000000005f\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #7 [ffffb1ba6707fdb8] kvm_irq_routing_update at ffffffffc09f19a1 [kvm]\n #8 [ffffb1ba6707fde0] kvm_set_irq_routing at ffffffffc09f2133 [kvm]\n #9 [ffffb1ba6707fe18] kvm_vm_ioctl at ffffffffc09ef544 [kvm]\n RIP: 00007f143c36488b RSP: 00007f143a4e04b8 RFLAGS: 00000246\n RAX: ffffffffffffffda RBX: 00007f05780041d0 RCX: 00007f143c36488b\n RDX: 00007f05780041d0 RSI: 000000004008ae6a RDI: 0000000000000020\n RBP: 00000000000004e8 R8: 0000000000000008 R9: 00007f05780041e0\n R10: 00007f0578004560 R11: 0000000000000246 R12: 00000000000004e0\n R13: 000000000000001a R14: 00007f1424001c60 R15: 00007f0578003bc0\n ORIG_RAX: 0000000000000010 CS: 0033 SS: 002b\n\nVmx have been fix this in commit 3a8b0677fc61 (KVM: VMX: Do not BUG() on\nout-of-bounds guest IRQ), so we can just copy source from that to fix\nthis."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "0fb470eb48892e131d10aa3be6915239e65758f3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0fb470eb48892e131d10aa3be6915239e65758f3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0fb470eb48892e131d10aa3be6915239e65758f3"
},
{
"url": "https://git.kernel.org/stable/c/3fa2d747960521a646fc1aad7aea82e95e139a68",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3fa2d747960521a646fc1aad7aea82e95e139a68"
},
{
"url": "https://git.kernel.org/stable/c/e4d153d53d9648513481eb4ef8c212e7f1f8173d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e4d153d53d9648513481eb4ef8c212e7f1f8173d"
},
{
"url": "https://git.kernel.org/stable/c/a6ffdebfb6a9c2ffeed902b544b96fe67498210e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6ffdebfb6a9c2ffeed902b544b96fe67498210e"
},
{
"url": "https://git.kernel.org/stable/c/a80ced6ea514000d34bf1239d47553de0d1ee89e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a80ced6ea514000d34bf1239d47553de0d1ee89e"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
} }
} }