admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-27 19:01:03 +00:00
parent 0702807a90
commit b70dbd11b2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
51 changed files with 4271 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
2021/46xxx/CVE-2021-46943.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging/intel-ipu3: Fix set_fmt error handling\n\nIf there in an error during a set_fmt, do not overwrite the previous\nsizes with the invalid config.\n\nWithout this patch, v4l2-compliance ends up allocating 4GiB of RAM and\ncausing the following OOPs\n\n[ 38.662975] ipu3-imgu 0000:00:05.0: swiotlb buffer is full (sz: 4096 bytes)\n[ 38.662980] DMA: Out of SW-IOMMU space for 4096 bytes at device 0000:00:05.0\n[ 38.663010] general protection fault: 0000 [#1] PREEMPT SMP"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6d5f26f2e045",
"version_value": "a03fb1e8a110"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.2",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a03fb1e8a110658215a4cefc3e2ad53279e496a6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a03fb1e8a110658215a4cefc3e2ad53279e496a6"
},
{
"url": "https://git.kernel.org/stable/c/c6b81b897f6f9445d57f8d47c4e060ec21556137",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c6b81b897f6f9445d57f8d47c4e060ec21556137"
},
{
"url": "https://git.kernel.org/stable/c/34892ea938387d83ffcfb7775ec55f0f80767916",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/34892ea938387d83ffcfb7775ec55f0f80767916"
},
{
"url": "https://git.kernel.org/stable/c/6fb617e37a39db0a3eca4489431359d0bdf3b9bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6fb617e37a39db0a3eca4489431359d0bdf3b9bc"
},
{
"url": "https://git.kernel.org/stable/c/ad91849996f9dd79741a961fd03585a683b08356",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad91849996f9dd79741a961fd03585a683b08356"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

125
2021/46xxx/CVE-2021-46944.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging/intel-ipu3: Fix memory leak in imu_fmt\n\nWe are losing the reference to an allocated memory if try. Change the\norder of the check to avoid that."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6d5f26f2e045",
"version_value": "ff792ae52005"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.2",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ff792ae52005c85a2d829c153e08d99a356e007d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ff792ae52005c85a2d829c153e08d99a356e007d"
},
{
"url": "https://git.kernel.org/stable/c/517f6f570566a863c2422b843c8b7d099474f6a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/517f6f570566a863c2422b843c8b7d099474f6a9"
},
{
"url": "https://git.kernel.org/stable/c/14d0e99c3ef6b0648535a31bf2eaabb4eff97b9e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/14d0e99c3ef6b0648535a31bf2eaabb4eff97b9e"
},
{
"url": "https://git.kernel.org/stable/c/74ba0adb5e983503b18a96121d965cad34ac7ce3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/74ba0adb5e983503b18a96121d965cad34ac7ce3"
},
{
"url": "https://git.kernel.org/stable/c/3630901933afba1d16c462b04d569b7576339223",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3630901933afba1d16c462b04d569b7576339223"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

103
2021/46xxx/CVE-2021-46945.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: always panic when errors=panic is specified\n\nBefore commit 014c9caa29d3 (\"ext4: make ext4_abort() use\n__ext4_error()\"), the following series of commands would trigger a\npanic:\n\n1. mount /dev/sda -o ro,errors=panic test\n2. mount /dev/sda -o remount,abort test\n\nAfter commit 014c9caa29d3, remounting a file system using the test\nmount option \"abort\" will no longer trigger a panic. This commit will\nrestore the behaviour immediately before commit 014c9caa29d3.\n(However, note that the Linux kernel's behavior has not been\nconsistent; some previous kernel versions, including 5.4 and 4.19\nsimilarly did not panic after using the mount option \"abort\".)\n\nThis also makes a change to long-standing behaviour; namely, the\nfollowing series commands will now cause a panic, when previously it\ndid not:\n\n1. mount /dev/sda -o ro,errors=panic test\n2. echo test > /sys/fs/ext4/sda/trigger_fs_error\n\nHowever, this makes ext4's behaviour much more consistent, so this is\na good thing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "014c9caa29d3",
"version_value": "64e1eebe2131"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/64e1eebe2131183174f4fbb6b1491355f96c6cde",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/64e1eebe2131183174f4fbb6b1491355f96c6cde"
},
{
"url": "https://git.kernel.org/stable/c/1e9ea8f4637026b8e965128953f2da061ccae9c4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1e9ea8f4637026b8e965128953f2da061ccae9c4"
},
{
"url": "https://git.kernel.org/stable/c/ac2f7ca51b0929461ea49918f27c11b680f28995",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ac2f7ca51b0929461ea49918f27c11b680f28995"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

174
2021/46xxx/CVE-2021-46946.json
View File

@ -1,18 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix check to prevent false positive report of incorrect used inodes\n\nCommit <50122847007> (\"ext4: fix check to prevent initializing reserved\ninodes\") check the block group zero and prevent initializing reserved\ninodes. But in some special cases, the reserved inode may not all belong\nto the group zero, it may exist into the second group if we format\nfilesystem below.\n\n mkfs.ext4 -b 4096 -g 8192 -N 1024 -I 4096 /dev/sda\n\nSo, it will end up triggering a false positive report of a corrupted\nfile system. This patch fix it by avoid check reserved inodes if no free\ninode blocks will be zeroed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7736fcede789",
"version_value": "539ba4ebc467"
},
{
"version_affected": "<",
"version_name": "954e572ae2f2",
"version_value": "d2e121be8d31"
},
{
"version_affected": "<",
"version_name": "f547aa20b4f6",
"version_value": "e70db6e43286"
},
{
"version_affected": "<",
"version_name": "50122847007",
"version_value": "7687f5aba0f5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.269",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.269",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/539ba4ebc467260225898e67ea53cbb73308f894",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/539ba4ebc467260225898e67ea53cbb73308f894"
},
{
"url": "https://git.kernel.org/stable/c/d2e121be8d318524a61e13ca15b5bfab2d0b63c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2e121be8d318524a61e13ca15b5bfab2d0b63c7"
},
{
"url": "https://git.kernel.org/stable/c/e70db6e43286a17c3dfc840fcee662de183b6a81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e70db6e43286a17c3dfc840fcee662de183b6a81"
},
{
"url": "https://git.kernel.org/stable/c/7687f5aba0f50c7ff8040e506bae184e59c8e7b8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7687f5aba0f50c7ff8040e506bae184e59c8e7b8"
},
{
"url": "https://git.kernel.org/stable/c/9c61387630a54e35b96a90608aafd369ffb86f39",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9c61387630a54e35b96a90608aafd369ffb86f39"
},
{
"url": "https://git.kernel.org/stable/c/098b257563b959f4ca6c1d82fde0ee727792cb19",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/098b257563b959f4ca6c1d82fde0ee727792cb19"
},
{
"url": "https://git.kernel.org/stable/c/f42789ee5f96743cdb5f69445cab3609458733f7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f42789ee5f96743cdb5f69445cab3609458733f7"
},
{
"url": "https://git.kernel.org/stable/c/e18d76a12b34791bc0318a0e0c0fa5863cd8dabf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e18d76a12b34791bc0318a0e0c0fa5863cd8dabf"
},
{
"url": "https://git.kernel.org/stable/c/a149d2a5cabbf6507a7832a1c4fd2593c55fd450",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a149d2a5cabbf6507a7832a1c4fd2593c55fd450"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

92
2021/46xxx/CVE-2021-46947.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues\n\nefx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and is\nlater used to allocate and traverse efx->xdp_tx_queues lookup array. However,\nwe may end up not initializing all the array slots with real queues during\nprobing. This results, for example, in a NULL pointer dereference, when running\n\"# ethtool -S <iface>\", similar to below\n\n[2570283.664955][T4126959] BUG: kernel NULL pointer dereference, address: 00000000000000f8\n[2570283.681283][T4126959] #PF: supervisor read access in kernel mode\n[2570283.695678][T4126959] #PF: error_code(0x0000) - not-present page\n[2570283.710013][T4126959] PGD 0 P4D 0\n[2570283.721649][T4126959] Oops: 0000 [#1] SMP PTI\n[2570283.734108][T4126959] CPU: 23 PID: 4126959 Comm: ethtool Tainted: G O 5.10.20-cloudflare-2021.3.1 #1\n[2570283.752641][T4126959] Hardware name: <redacted>\n[2570283.781408][T4126959] RIP: 0010:efx_ethtool_get_stats+0x2ca/0x330 [sfc]\n[2570283.796073][T4126959] Code: 00 85 c0 74 39 48 8b 95 a8 0f 00 00 48 85 d2 74 2d 31 c0 eb 07 48 8b 95 a8 0f 00 00 48 63 c8 49 83 c4 08 83 c0 01 48 8b 14 ca <48> 8b 92 f8 00 00 00 49 89 54 24 f8 39 85 a0 0f 00 00 77 d7 48 8b\n[2570283.831259][T4126959] RSP: 0018:ffffb79a77657ce8 EFLAGS: 00010202\n[2570283.845121][T4126959] RAX: 0000000000000019 RBX: ffffb799cd0c9280 RCX: 0000000000000018\n[2570283.860872][T4126959] RDX: 0000000000000000 RSI: ffff96dd970ce000 RDI: 0000000000000005\n[2570283.876525][T4126959] RBP: ffff96dd86f0a000 R08: ffff96dd970ce480 R09: 000000000000005f\n[2570283.892014][T4126959] R10: ffffb799cd0c9fff R11: ffffb799cd0c9000 R12: ffffb799cd0c94f8\n[2570283.907406][T4126959] R13: ffffffffc11b1090 R14: ffff96dd970ce000 R15: ffffffffc11cd66c\n[2570283.922705][T4126959] FS: 00007fa7723f8740(0000) GS:ffff96f51fac0000(0000) knlGS:0000000000000000\n[2570283.938848][T4126959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[2570283.952524][T4126959] CR2: 00000000000000f8 CR3: 0000001a73e6e006 CR4: 00000000007706e0\n[2570283.967529][T4126959] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[2570283.982400][T4126959] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[2570283.997308][T4126959] PKRU: 55555554\n[2570284.007649][T4126959] Call Trace:\n[2570284.017598][T4126959] dev_ethtool+0x1832/0x2830\n\nFix this by adjusting efx->xdp_tx_queue_count after probing to reflect the true\nvalue of initialized slots in efx->xdp_tx_queues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e26ca4b53582",
"version_value": "ebeac958b690"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ebeac958b690123a0b40aa61f688f2f170035fad",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ebeac958b690123a0b40aa61f688f2f170035fad"
},
{
"url": "https://git.kernel.org/stable/c/99ba0ea616aabdc8e26259fd722503e012199a76",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/99ba0ea616aabdc8e26259fd722503e012199a76"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46948.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: farch: fix TX queue lookup in TX event handling\n\nWe're starting from a TXQ label, not a TXQ type, so\n efx_channel_get_tx_queue() is inappropriate (and could return NULL,\n leading to panics)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12804793b17c",
"version_value": "bf2b941d0a6f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bf2b941d0a6f2d3b9f5fa3c4c21bdd54f71ce253",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bf2b941d0a6f2d3b9f5fa3c4c21bdd54f71ce253"
},
{
"url": "https://git.kernel.org/stable/c/35c7a83ad1bb1d48ae249346e61b1132bcbf9052",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35c7a83ad1bb1d48ae249346e61b1132bcbf9052"
},
{
"url": "https://git.kernel.org/stable/c/e531db1ea6f98c9612cb2de093a107c7eadfb96c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e531db1ea6f98c9612cb2de093a107c7eadfb96c"
},
{
"url": "https://git.kernel.org/stable/c/83b09a1807415608b387c7bc748d329fefc5617e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/83b09a1807415608b387c7bc748d329fefc5617e"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46949.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: farch: fix TX queue lookup in TX flush done handling\n\nWe're starting from a TXQ instance number ('qid'), not a TXQ type, so\n efx_get_tx_queue() is inappropriate (and could return NULL, leading\n to panics)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12804793b17c",
"version_value": "fb791572d674"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fb791572d6747ef385f628450f8d57cd132e6e5a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb791572d6747ef385f628450f8d57cd132e6e5a"
},
{
"url": "https://git.kernel.org/stable/c/a1570985ec04116cc665b760faf666a104154170",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a1570985ec04116cc665b760faf666a104154170"
},
{
"url": "https://git.kernel.org/stable/c/98d91180748986bfb6dfb3e72765f3225719a647",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/98d91180748986bfb6dfb3e72765f3225719a647"
},
{
"url": "https://git.kernel.org/stable/c/5b1faa92289b53cad654123ed2bc8e10f6ddd4ac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5b1faa92289b53cad654123ed2bc8e10f6ddd4ac"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

147
2021/46xxx/CVE-2021-46950.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: properly indicate failure when ending a failed write request\n\nThis patch addresses a data corruption bug in raid1 arrays using bitmaps.\nWithout this fix, the bitmap bits for the failed I/O end up being cleared.\n\nSince we are in the failure leg of raid1_end_write_request, the request\neither needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "900c531899f5",
"version_value": "12216d0919b6"
},
{
"version_affected": "<",
"version_name": "1cd972e0a107",
"version_value": "a6e17cab00fc"
},
{
"version_affected": "<",
"version_name": "eeba6809d8d5",
"version_value": "6920cef604fa"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/12216d0919b64ee2ea5dc7a50e455670f44383d5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12216d0919b64ee2ea5dc7a50e455670f44383d5"
},
{
"url": "https://git.kernel.org/stable/c/a6e17cab00fc5bf85472434c52ac751426257c6f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6e17cab00fc5bf85472434c52ac751426257c6f"
},
{
"url": "https://git.kernel.org/stable/c/6920cef604fa57f9409e3960413e9cc11f5c5a40",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6920cef604fa57f9409e3960413e9cc11f5c5a40"
},
{
"url": "https://git.kernel.org/stable/c/661061a45e32d8b2cc0e306da9f169ad44011382",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/661061a45e32d8b2cc0e306da9f169ad44011382"
},
{
"url": "https://git.kernel.org/stable/c/59452e551784b7a57a45d971727e9db63b192515",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/59452e551784b7a57a45d971727e9db63b192515"
},
{
"url": "https://git.kernel.org/stable/c/538244fba59fde17186322776247cd9c05be86dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/538244fba59fde17186322776247cd9c05be86dd"
},
{
"url": "https://git.kernel.org/stable/c/2417b9869b81882ab90fd5ed1081a1cb2d4db1dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2417b9869b81882ab90fd5ed1081a1cb2d4db1dd"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

125
2021/46xxx/CVE-2021-46951.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: efi: Use local variable for calculating final log size\n\nWhen tpm_read_log_efi is called multiple times, which happens when\none loads and unloads a TPM2 driver multiple times, then the global\nvariable efi_tpm_final_log_size will at some point become a negative\nnumber due to the subtraction of final_events_preboot_size occurring\neach time. Use a local variable to avoid this integer underflow.\n\nThe following issue is now resolved:\n\nMar 8 15:35:12 hibinst kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\nMar 8 15:35:12 hibinst kernel: Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy]\nMar 8 15:35:12 hibinst kernel: RIP: 0010:__memcpy+0x12/0x20\nMar 8 15:35:12 hibinst kernel: Code: 00 b8 01 00 00 00 85 d2 74 0a c7 05 44 7b ef 00 0f 00 00 00 c3 cc cc cc 66 66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4\nMar 8 15:35:12 hibinst kernel: RSP: 0018:ffff9ac4c0fcfde0 EFLAGS: 00010206\nMar 8 15:35:12 hibinst kernel: RAX: ffff88f878cefed5 RBX: ffff88f878ce9000 RCX: 1ffffffffffffe0f\nMar 8 15:35:12 hibinst kernel: RDX: 0000000000000003 RSI: ffff9ac4c003bff9 RDI: ffff88f878cf0e4d\nMar 8 15:35:12 hibinst kernel: RBP: ffff9ac4c003b000 R08: 0000000000001000 R09: 000000007e9d6073\nMar 8 15:35:12 hibinst kernel: R10: ffff9ac4c003b000 R11: ffff88f879ad3500 R12: 0000000000000ed5\nMar 8 15:35:12 hibinst kernel: R13: ffff88f878ce9760 R14: 0000000000000002 R15: ffff88f77de7f018\nMar 8 15:35:12 hibinst kernel: FS: 0000000000000000(0000) GS:ffff88f87bd00000(0000) knlGS:0000000000000000\nMar 8 15:35:12 hibinst kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nMar 8 15:35:12 hibinst kernel: CR2: ffff9ac4c003c000 CR3: 00000001785a6004 CR4: 0000000000060ee0\nMar 8 15:35:12 hibinst kernel: Call Trace:\nMar 8 15:35:12 hibinst kernel: tpm_read_log_efi+0x152/0x1a7\nMar 8 15:35:12 hibinst kernel: tpm_bios_log_setup+0xc8/0x1c0\nMar 8 15:35:12 hibinst kernel: tpm_chip_register+0x8f/0x260\nMar 8 15:35:12 hibinst kernel: vtpm_proxy_work+0x16/0x60 [tpm_vtpm_proxy]\nMar 8 15:35:12 hibinst kernel: process_one_work+0x1b4/0x370\nMar 8 15:35:12 hibinst kernel: worker_thread+0x53/0x3e0\nMar 8 15:35:12 hibinst kernel: ? process_one_work+0x370/0x370"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "166a2809d65b",
"version_value": "2f12258b5224"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76"
},
{
"url": "https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b"
},
{
"url": "https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb"
},
{
"url": "https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c"
},
{
"url": "https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46952.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fs_context: validate UDP retrans to prevent shift out-of-bounds\n\nFix shift out-of-bounds in xprt_calc_majortimeo(). This is caused\nby a garbage timeout (retrans) mount option being passed to nfs mount,\nin this case from syzkaller.\n\nIf the protocol is XPRT_TRANSPORT_UDP, then 'retrans' is a shift\nvalue for a 64-bit long integer, so 'retrans' cannot be >= 64.\nIf it is >= 64, fail the mount and return an error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9954bf92c0cd",
"version_value": "96fa26b74cdc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/96fa26b74cdcf9f5c98996bf36bec9fb5b19ffe2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/96fa26b74cdcf9f5c98996bf36bec9fb5b19ffe2"
},
{
"url": "https://git.kernel.org/stable/c/2f3380121d49e829fb73ba86240c181bc32ad897",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2f3380121d49e829fb73ba86240c181bc32ad897"
},
{
"url": "https://git.kernel.org/stable/c/3d0163821c035040a46d816a42c0780f0f0a30a8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3d0163821c035040a46d816a42c0780f0f0a30a8"
},
{
"url": "https://git.kernel.org/stable/c/c09f11ef35955785f92369e25819bf0629df2e59",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c09f11ef35955785f92369e25819bf0629df2e59"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

147
2021/46xxx/CVE-2021-46953.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure\n\nWhen failing the driver probe because of invalid firmware properties,\nthe GTDT driver unmaps the interrupt that it mapped earlier.\n\nHowever, it never checks whether the mapping of the interrupt actially\nsucceeded. Even more, should the firmware report an illegal interrupt\nnumber that overlaps with the GIC SGI range, this can result in an\nIPI being unmapped, and subsequent fireworks (as reported by Dann\nFrazier).\n\nRework the driver to have a slightly saner behaviour and actually\ncheck whether the interrupt has been mapped before unmapping things."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ca9ae5ec4ef0",
"version_value": "c3385a9122f8"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c3385a9122f8db15b453e07bfc88117fce7f3724",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3385a9122f8db15b453e07bfc88117fce7f3724"
},
{
"url": "https://git.kernel.org/stable/c/7b2162db1498c71962a4bb2f776fa4e76d4d305b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7b2162db1498c71962a4bb2f776fa4e76d4d305b"
},
{
"url": "https://git.kernel.org/stable/c/504632a3577a049dd9bb7aabae5b4476f9c586b4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/504632a3577a049dd9bb7aabae5b4476f9c586b4"
},
{
"url": "https://git.kernel.org/stable/c/e0f2d86481eaa83df33b0793f75212919db7a19d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e0f2d86481eaa83df33b0793f75212919db7a19d"
},
{
"url": "https://git.kernel.org/stable/c/42e69521ee1fa5abf21f478d147d06bbfe6bf6a8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42e69521ee1fa5abf21f478d147d06bbfe6bf6a8"
},
{
"url": "https://git.kernel.org/stable/c/596e079c362ac17ed02aa1b99fdc444d62072a01",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/596e079c362ac17ed02aa1b99fdc444d62072a01"
},
{
"url": "https://git.kernel.org/stable/c/1ecd5b129252249b9bc03d7645a7bda512747277",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ecd5b129252249b9bc03d7645a7bda512747277"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

103
2021/46xxx/CVE-2021-46954.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46954",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets\n\nwhen 'act_mirred' tries to fragment IPv4 packets that had been previously\nre-assembled using 'act_ct', splats like the following can be observed on\nkernels built with KASAN:\n\n BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60\n Read of size 1 at addr ffff888147009574 by task ping/947\n\n CPU: 0 PID: 947 Comm: ping Not tainted 5.12.0-rc6+ #418\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n <IRQ>\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n ip_do_fragment+0x1b03/0x1f60\n sch_fragment+0x4bf/0xe40\n tcf_mirred_act+0xc3d/0x11a0 [act_mirred]\n tcf_action_exec+0x104/0x3e0\n fl_classify+0x49a/0x5e0 [cls_flower]\n tcf_classify_ingress+0x18a/0x820\n __netif_receive_skb_core+0xae7/0x3340\n __netif_receive_skb_one_core+0xb6/0x1b0\n process_backlog+0x1ef/0x6c0\n __napi_poll+0xaa/0x500\n net_rx_action+0x702/0xac0\n __do_softirq+0x1e4/0x97f\n do_softirq+0x71/0x90\n </IRQ>\n __local_bh_enable_ip+0xdb/0xf0\n ip_finish_output2+0x760/0x2120\n ip_do_fragment+0x15a5/0x1f60\n __ip_finish_output+0x4c2/0xea0\n ip_output+0x1ca/0x4d0\n ip_send_skb+0x37/0xa0\n raw_sendmsg+0x1c4b/0x2d00\n sock_sendmsg+0xdb/0x110\n __sys_sendto+0x1d7/0x2b0\n __x64_sys_sendto+0xdd/0x1b0\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f82e13853eb\n Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89\n RSP: 002b:00007ffe01fad888 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 00005571aac13700 RCX: 00007f82e13853eb\n RDX: 0000000000002330 RSI: 00005571aac13700 RDI: 0000000000000003\n RBP: 0000000000002330 R08: 00005571aac10500 R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe01faefb0\n R13: 00007ffe01fad890 R14: 00007ffe01fad980 R15: 00005571aac0f0a0\n\n The buggy address belongs to the page:\n page:000000001dff2e03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x147009\n flags: 0x17ffffc0001000(reserved)\n raw: 0017ffffc0001000 ffffea00051c0248 ffffea00051c0248 0000000000000000\n raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888147009400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888147009480: f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 00 00 00 00\n >ffff888147009500: 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 f2\n ^\n ffff888147009580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888147009600: 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2\n\nfor IPv4 packets, sch_fragment() uses a temporary struct dst_entry. Then,\nin the following call graph:\n\n ip_do_fragment()\n ip_skb_dst_mtu()\n ip_dst_mtu_maybe_forward()\n ip_mtu_locked()\n\nthe pointer to struct dst_entry is used as pointer to struct rtable: this\nturns the access to struct members like rt_mtu_locked into an OOB read in\nthe stack. Fix this changing the temporary variable used for IPv4 packets\nin sch_fragment(), similarly to what is done for IPv6 few lines below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c129412f74e9",
"version_value": "018bb8da5b58"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/018bb8da5b5888e19585f9b802f036afe643fcef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/018bb8da5b5888e19585f9b802f036afe643fcef"
},
{
"url": "https://git.kernel.org/stable/c/8e6dfb7beeb6489ac1365b8a71052e737f5da76e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e6dfb7beeb6489ac1365b8a71052e737f5da76e"
},
{
"url": "https://git.kernel.org/stable/c/31fe34a0118e0acc958c802e830ad5d37ef6b1d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31fe34a0118e0acc958c802e830ad5d37ef6b1d3"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

174
2021/46xxx/CVE-2021-46955.json
View File

@ -1,18 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix stack OOB read while fragmenting IPv4 packets\n\nrunning openvswitch on kernels built with KASAN, it's possible to see the\nfollowing splat while testing fragmentation of IPv4 packets:\n\n BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60\n Read of size 1 at addr ffff888112fc713c by task handler2/1367\n\n CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n ip_do_fragment+0x1b03/0x1f60\n ovs_fragment+0x5bf/0x840 [openvswitch]\n do_execute_actions+0x1bd5/0x2400 [openvswitch]\n ovs_execute_actions+0xc8/0x3d0 [openvswitch]\n ovs_packet_cmd_execute+0xa39/0x1150 [openvswitch]\n genl_family_rcv_msg_doit.isra.15+0x227/0x2d0\n genl_rcv_msg+0x287/0x490\n netlink_rcv_skb+0x120/0x380\n genl_rcv+0x24/0x40\n netlink_unicast+0x439/0x630\n netlink_sendmsg+0x719/0xbf0\n sock_sendmsg+0xe2/0x110\n ____sys_sendmsg+0x5ba/0x890\n ___sys_sendmsg+0xe9/0x160\n __sys_sendmsg+0xd3/0x170\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f957079db07\n Code: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 eb ec ff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 24 ed ff ff 48\n RSP: 002b:00007f956ce35a50 EFLAGS: 00000293 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 00007f957079db07\n RDX: 0000000000000000 RSI: 00007f956ce35ae0 RDI: 0000000000000019\n RBP: 00007f956ce35ae0 R08: 0000000000000000 R09: 00007f9558006730\n R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\n R13: 00007f956ce37308 R14: 00007f956ce35f80 R15: 00007f956ce35ae0\n\n The buggy address belongs to the page:\n page:00000000af2a1d93 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112fc7\n flags: 0x17ffffc0000000()\n raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n addr ffff888112fc713c is located in stack of task handler2/1367 at offset 180 in frame:\n ovs_fragment+0x0/0x840 [openvswitch]\n\n this frame has 2 objects:\n [32, 144) 'ovs_dst'\n [192, 424) 'ovs_rt'\n\n Memory state around the buggy address:\n ffff888112fc7000: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888112fc7080: 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00\n >ffff888112fc7100: 00 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00\n ^\n ffff888112fc7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888112fc7200: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00\n\nfor IPv4 packets, ovs_fragment() uses a temporary struct dst_entry. Then,\nin the following call graph:\n\n ip_do_fragment()\n ip_skb_dst_mtu()\n ip_dst_mtu_maybe_forward()\n ip_mtu_locked()\n\nthe pointer to struct dst_entry is used as pointer to struct rtable: this\nturns the access to struct members like rt_mtu_locked into an OOB read in\nthe stack. Fix this changing the temporary variable used for IPv4 packets\nin ovs_fragment(), similarly to what is done for IPv6 few lines below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "119bbaa6795a",
"version_value": "b1d7280f9ba1"
},
{
"version_affected": "<",
"version_name": "d543907a4730",
"version_value": "23e17ec1a5eb"
},
{
"version_affected": "<",
"version_name": "8387fbac8e18",
"version_value": "5a52fa8ad45b"
},
{
"version_affected": "<",
"version_name": "d52e5a7e7ca4",
"version_value": "df9e900de246"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.269",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.269",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b1d7280f9ba1bfdbc3af5bdb82e51f014854f26f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b1d7280f9ba1bfdbc3af5bdb82e51f014854f26f"
},
{
"url": "https://git.kernel.org/stable/c/23e17ec1a5eb53fe39cc34fa5592686d5acd0dac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/23e17ec1a5eb53fe39cc34fa5592686d5acd0dac"
},
{
"url": "https://git.kernel.org/stable/c/5a52fa8ad45b5a593ed416adf326538638454ff1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a52fa8ad45b5a593ed416adf326538638454ff1"
},
{
"url": "https://git.kernel.org/stable/c/df9e900de24637be41879e2c50afb713ec4e8b2e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/df9e900de24637be41879e2c50afb713ec4e8b2e"
},
{
"url": "https://git.kernel.org/stable/c/490ad0a2390442d0a7b8c00972a83dbb09cab142",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/490ad0a2390442d0a7b8c00972a83dbb09cab142"
},
{
"url": "https://git.kernel.org/stable/c/a1478374b0bda89b4277a8afd39208271faad4be",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a1478374b0bda89b4277a8afd39208271faad4be"
},
{
"url": "https://git.kernel.org/stable/c/d841d3cf5297fde4ce6a41ff35451d0e82917f3e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d841d3cf5297fde4ce6a41ff35451d0e82917f3e"
},
{
"url": "https://git.kernel.org/stable/c/b3502b04e84ac5349be95fc033c17bd701d2787a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b3502b04e84ac5349be95fc033c17bd701d2787a"
},
{
"url": "https://git.kernel.org/stable/c/7c0ea5930c1c211931819d83cfb157bff1539a4c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7c0ea5930c1c211931819d83cfb157bff1539a4c"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

125
2021/46xxx/CVE-2021-46956.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: fix memory leak in virtio_fs_probe()\n\nWhen accidentally passing twice the same tag to qemu, kmemleak ended up\nreporting a memory leak in virtiofs. Also, looking at the log I saw the\nfollowing error (that's when I realised the duplicated tag):\n\n virtiofs: probe of virtio5 failed with error -17\n\nHere's the kmemleak log for reference:\n\nunreferenced object 0xffff888103d47800 (size 1024):\n comm \"systemd-udevd\", pid 118, jiffies 4294893780 (age 18.340s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................\n backtrace:\n [<000000000ebb87c1>] virtio_fs_probe+0x171/0x7ae [virtiofs]\n [<00000000f8aca419>] virtio_dev_probe+0x15f/0x210\n [<000000004d6baf3c>] really_probe+0xea/0x430\n [<00000000a6ceeac8>] device_driver_attach+0xa8/0xb0\n [<00000000196f47a7>] __driver_attach+0x98/0x140\n [<000000000b20601d>] bus_for_each_dev+0x7b/0xc0\n [<00000000399c7b7f>] bus_add_driver+0x11b/0x1f0\n [<0000000032b09ba7>] driver_register+0x8f/0xe0\n [<00000000cdd55998>] 0xffffffffa002c013\n [<000000000ea196a2>] do_one_initcall+0x64/0x2e0\n [<0000000008f727ce>] do_init_module+0x5c/0x260\n [<000000003cdedab6>] __do_sys_finit_module+0xb5/0x120\n [<00000000ad2f48c6>] do_syscall_64+0x33/0x40\n [<00000000809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a62a8ef9d97d",
"version_value": "310efc95c72c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.4",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8"
},
{
"url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15"
},
{
"url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae"
},
{
"url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6"
},
{
"url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

92
2021/46xxx/CVE-2021-46957.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe\n\nThe execution of sys_read end up hitting a BUG_ON() in __find_get_block\nafter installing kprobe at sys_read, the BUG message like the following:\n\n[ 65.708663] ------------[ cut here ]------------\n[ 65.709987] kernel BUG at fs/buffer.c:1251!\n[ 65.711283] Kernel BUG [#1]\n[ 65.712032] Modules linked in:\n[ 65.712925] CPU: 0 PID: 51 Comm: sh Not tainted 5.12.0-rc4 #1\n[ 65.714407] Hardware name: riscv-virtio,qemu (DT)\n[ 65.715696] epc : __find_get_block+0x218/0x2c8\n[ 65.716835] ra : __getblk_gfp+0x1c/0x4a\n[ 65.717831] epc : ffffffe00019f11e ra : ffffffe00019f56a sp : ffffffe002437930\n[ 65.719553] gp : ffffffe000f06030 tp : ffffffe0015abc00 t0 : ffffffe00191e038\n[ 65.721290] t1 : ffffffe00191e038 t2 : 000000000000000a s0 : ffffffe002437960\n[ 65.723051] s1 : ffffffe00160ad00 a0 : ffffffe00160ad00 a1 : 000000000000012a\n[ 65.724772] a2 : 0000000000000400 a3 : 0000000000000008 a4 : 0000000000000040\n[ 65.726545] a5 : 0000000000000000 a6 : ffffffe00191e000 a7 : 0000000000000000\n[ 65.728308] s2 : 000000000000012a s3 : 0000000000000400 s4 : 0000000000000008\n[ 65.730049] s5 : 000000000000006c s6 : ffffffe00240f800 s7 : ffffffe000f080a8\n[ 65.731802] s8 : 0000000000000001 s9 : 000000000000012a s10: 0000000000000008\n[ 65.733516] s11: 0000000000000008 t3 : 00000000000003ff t4 : 000000000000000f\n[ 65.734434] t5 : 00000000000003ff t6 : 0000000000040000\n[ 65.734613] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003\n[ 65.734901] Call Trace:\n[ 65.735076] [<ffffffe00019f11e>] __find_get_block+0x218/0x2c8\n[ 65.735417] [<ffffffe00020017a>] __ext4_get_inode_loc+0xb2/0x2f6\n[ 65.735618] [<ffffffe000201b6c>] ext4_get_inode_loc+0x3a/0x8a\n[ 65.735802] [<ffffffe000203380>] ext4_reserve_inode_write+0x2e/0x8c\n[ 65.735999] [<ffffffe00020357a>] __ext4_mark_inode_dirty+0x4c/0x18e\n[ 65.736208] [<ffffffe000206bb0>] ext4_dirty_inode+0x46/0x66\n[ 65.736387] [<ffffffe000192914>] __mark_inode_dirty+0x12c/0x3da\n[ 65.736576] [<ffffffe000180dd2>] touch_atime+0x146/0x150\n[ 65.736748] [<ffffffe00010d762>] filemap_read+0x234/0x246\n[ 65.736920] [<ffffffe00010d834>] generic_file_read_iter+0xc0/0x114\n[ 65.737114] [<ffffffe0001f5d7a>] ext4_file_read_iter+0x42/0xea\n[ 65.737310] [<ffffffe000163f2c>] new_sync_read+0xe2/0x15a\n[ 65.737483] [<ffffffe000165814>] vfs_read+0xca/0xf2\n[ 65.737641] [<ffffffe000165bae>] ksys_read+0x5e/0xc8\n[ 65.737816] [<ffffffe000165c26>] sys_read+0xe/0x16\n[ 65.737973] [<ffffffe000003972>] ret_from_syscall+0x0/0x2\n[ 65.738858] ---[ end trace fe93f985456c935d ]---\n\nA simple reproducer looks like:\n\techo 'p:myprobe sys_read fd=%a0 buf=%a1 count=%a2' > /sys/kernel/debug/tracing/kprobe_events\n\techo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable\n\tcat /sys/kernel/debug/tracing/trace\n\nHere's what happens to hit that BUG_ON():\n\n1) After installing kprobe at entry of sys_read, the first instruction\n is replaced by 'ebreak' instruction on riscv64 platform.\n\n2) Once kernel reach the 'ebreak' instruction at the entry of sys_read,\n it trap into the riscv breakpoint handler, where it do something to\n setup for coming single-step of origin instruction, including backup\n the 'sstatus' in pt_regs, followed by disable interrupt during single\n stepping via clear 'SIE' bit of 'sstatus' in pt_regs.\n\n3) Then kernel restore to the instruction slot contains two instructions,\n one is original instruction at entry of sys_read, the other is 'ebreak'.\n Here it trigger a 'Instruction page fault' exception (value at 'scause'\n is '0xc'), if PF is not filled into PageTabe for that slot yet.\n\n4) Again kernel trap into page fault exception handler, where it choose\n different policy according to the state of running kprobe. Because\n afte 2) the state is KPROBE_HIT_SS, so kernel reset the current kp\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c22b0bcb1dd02",
"version_value": "fd0f06590d35"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fd0f06590d35c99f98d12c7984897ec4201a6263",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd0f06590d35c99f98d12c7984897ec4201a6263"
},
{
"url": "https://git.kernel.org/stable/c/b1ebaa0e1318494a7637099a26add50509e37964",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b1ebaa0e1318494a7637099a26add50509e37964"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46958.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n BTRFS info (device dm-0): forced readonly\n BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n BTRFS error (device dm-0): error writing primary super block to device 1\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__mutex_lock+0x139/0xa40\n Code: c0 74 19 (...)\n RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n FS: 00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n btrfs_sync_log+0x7c1/0xf20 [btrfs]\n btrfs_sync_file+0x40c/0x580 [btrfs]\n do_fsync+0x38/0x70\n __x64_sys_fsync+0x10/0x20\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fa9142a55c3\n Code: 8b 15 09 (...)\n RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info->log_root_tree\n into a local variable named 'log_root_tree' at the top of\n btrfs_sync_log(). Task B is about to call write_all_supers(), but\n before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n transaction state to TRANS_STATE_COMMIT_START, an error happens before\n it w\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ef67963dac255b",
"version_value": "a4794be7b00b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
},
{
"url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
},
{
"url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
},
{
"url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

147
2021/46xxx/CVE-2021-46960.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Return correct error code from smb2_get_enc_key\n\nAvoid a warning if the error percolates back up:\n\n[440700.376476] CIFS VFS: \\\\otters.example.com crypt_message: Could not get encryption key\n[440700.386947] ------------[ cut here ]------------\n[440700.386948] err = 1\n[440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70\n...\n[440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu\n...\n[440700.397334] Call Trace:\n[440700.397346] __filemap_set_wb_err+0x1a/0x70\n[440700.397419] cifs_writepages+0x9c7/0xb30 [cifs]\n[440700.397426] do_writepages+0x4b/0xe0\n[440700.397444] __filemap_fdatawrite_range+0xcb/0x100\n[440700.397455] filemap_write_and_wait+0x42/0xa0\n[440700.397486] cifs_setattr+0x68b/0xf30 [cifs]\n[440700.397493] notify_change+0x358/0x4a0\n[440700.397500] utimes_common+0xe9/0x1c0\n[440700.397510] do_utimes+0xc5/0x150\n[440700.397520] __x64_sys_utimensat+0x88/0xd0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "61cfac6f267d",
"version_value": "e94851629c49"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20"
},
{
"url": "https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54"
},
{
"url": "https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec"
},
{
"url": "https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0"
},
{
"url": "https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd"
},
{
"url": "https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f"
},
{
"url": "https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468ab46b27",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468ab46b27"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

125
2021/46xxx/CVE-2021-46961.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3: Do not enable irqs when handling spurious interrups\n\nWe triggered the following error while running our 4.19 kernel\nwith the pseudo-NMI patches backported to it:\n\n[ 14.816231] ------------[ cut here ]------------\n[ 14.816231] kernel BUG at irq.c:99!\n[ 14.816232] Internal error: Oops - BUG: 0 [#1] SMP\n[ 14.816232] Process swapper/0 (pid: 0, stack limit = 0x(____ptrval____))\n[ 14.816233] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 4.19.95.aarch64 #14\n[ 14.816233] Hardware name: evb (DT)\n[ 14.816234] pstate: 80400085 (Nzcv daIf +PAN -UAO)\n[ 14.816234] pc : asm_nmi_enter+0x94/0x98\n[ 14.816235] lr : asm_nmi_enter+0x18/0x98\n[ 14.816235] sp : ffff000008003c50\n[ 14.816235] pmr_save: 00000070\n[ 14.816237] x29: ffff000008003c50 x28: ffff0000095f56c0\n[ 14.816238] x27: 0000000000000000 x26: ffff000008004000\n[ 14.816239] x25: 00000000015e0000 x24: ffff8008fb916000\n[ 14.816240] x23: 0000000020400005 x22: ffff0000080817cc\n[ 14.816241] x21: ffff000008003da0 x20: 0000000000000060\n[ 14.816242] x19: 00000000000003ff x18: ffffffffffffffff\n[ 14.816243] x17: 0000000000000008 x16: 003d090000000000\n[ 14.816244] x15: ffff0000095ea6c8 x14: ffff8008fff5ab40\n[ 14.816244] x13: ffff8008fff58b9d x12: 0000000000000000\n[ 14.816245] x11: ffff000008c8a200 x10: 000000008e31fca5\n[ 14.816246] x9 : ffff000008c8a208 x8 : 000000000000000f\n[ 14.816247] x7 : 0000000000000004 x6 : ffff8008fff58b9e\n[ 14.816248] x5 : 0000000000000000 x4 : 0000000080000000\n[ 14.816249] x3 : 0000000000000000 x2 : 0000000080000000\n[ 14.816250] x1 : 0000000000120000 x0 : ffff0000095f56c0\n[ 14.816251] Call trace:\n[ 14.816251] asm_nmi_enter+0x94/0x98\n[ 14.816251] el1_irq+0x8c/0x180 (IRQ C)\n[ 14.816252] gic_handle_irq+0xbc/0x2e4\n[ 14.816252] el1_irq+0xcc/0x180 (IRQ B)\n[ 14.816253] arch_timer_handler_virt+0x38/0x58\n[ 14.816253] handle_percpu_devid_irq+0x90/0x240\n[ 14.816253] generic_handle_irq+0x34/0x50\n[ 14.816254] __handle_domain_irq+0x68/0xc0\n[ 14.816254] gic_handle_irq+0xf8/0x2e4\n[ 14.816255] el1_irq+0xcc/0x180 (IRQ A)\n[ 14.816255] arch_cpu_idle+0x34/0x1c8\n[ 14.816255] default_idle_call+0x24/0x44\n[ 14.816256] do_idle+0x1d0/0x2c8\n[ 14.816256] cpu_startup_entry+0x28/0x30\n[ 14.816256] rest_init+0xb8/0xc8\n[ 14.816257] start_kernel+0x4c8/0x4f4\n[ 14.816257] Code: 940587f1 d5384100 b9401001 36a7fd01 (d4210000)\n[ 14.816258] Modules linked in: start_dp(O) smeth(O)\n[ 15.103092] ---[ end trace 701753956cb14aa8 ]---\n[ 15.103093] Kernel panic - not syncing: Fatal exception in interrupt\n[ 15.103099] SMP: stopping secondary CPUs\n[ 15.103100] Kernel Offset: disabled\n[ 15.103100] CPU features: 0x36,a2400218\n[ 15.103100] Memory Limit: none\n\nwhich is cause by a 'BUG_ON(in_nmi())' in nmi_enter().\n\nFrom the call trace, we can find three interrupts (noted A, B, C above):\ninterrupt (A) is preempted by (B), which is further interrupted by (C).\n\nSubsequent investigations show that (B) results in nmi_enter() being\ncalled, but that it actually is a spurious interrupt. Furthermore,\ninterrupts are reenabled in the context of (B), and (C) fires with\nNMI priority. We end-up with a nested NMI situation, something\nwe definitely do not want to (and cannot) handle.\n\nThe bug here is that spurious interrupts should never result in any\nstate change, and we should just return to the interrupted context.\nMoving the handling of spurious interrupts as early as possible in\nthe GICv3 handler fixes this issue.\n\n[maz: rewrote commit message, corrected Fixes: tag]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "rewrote",
"version_value": "e7ea8e46e3b7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.1",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e7ea8e46e3b777be26aa855fe07778c415f24926",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e7ea8e46e3b777be26aa855fe07778c415f24926"
},
{
"url": "https://git.kernel.org/stable/c/7be4db5c2b59fa77071c93ca4329876fb9777202",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7be4db5c2b59fa77071c93ca4329876fb9777202"
},
{
"url": "https://git.kernel.org/stable/c/ea817ac1014c04f47885532b55f5d0898deadfba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea817ac1014c04f47885532b55f5d0898deadfba"
},
{
"url": "https://git.kernel.org/stable/c/3f72d3709f53af72835af7dc8b15ba61611a0e36",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f72d3709f53af72835af7dc8b15ba61611a0e36"
},
{
"url": "https://git.kernel.org/stable/c/a97709f563a078e259bf0861cd259aa60332890a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a97709f563a078e259bf0861cd259aa60332890a"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

125
2021/46xxx/CVE-2021-46962.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: uniphier-sd: Fix a resource leak in the remove function\n\nA 'tmio_mmc_host_free()' call is missing in the remove function, in order\nto balance a 'tmio_mmc_host_alloc()' call in the probe.\nThis is done in the error handling path of the probe, but not in the remove\nfunction.\n\nAdd the missing call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3fd784f745dd",
"version_value": "0d8941b9b2d3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0d8941b9b2d3e7b3481fdf43b1a6189d162175b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d8941b9b2d3e7b3481fdf43b1a6189d162175b7"
},
{
"url": "https://git.kernel.org/stable/c/25ac6ce65f1ab458982d15ec1caf441acd37106a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/25ac6ce65f1ab458982d15ec1caf441acd37106a"
},
{
"url": "https://git.kernel.org/stable/c/ebe0f12cf4c044f812c6d17011531582f9ac8bb3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ebe0f12cf4c044f812c6d17011531582f9ac8bb3"
},
{
"url": "https://git.kernel.org/stable/c/d6e7fda496978f2763413b5523557b38dc2bf6c2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d6e7fda496978f2763413b5523557b38dc2bf6c2"
},
{
"url": "https://git.kernel.org/stable/c/e29c84857e2d51aa017ce04284b962742fb97d9e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e29c84857e2d51aa017ce04284b962742fb97d9e"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

136
2021/46xxx/CVE-2021-46963.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46963",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()\n\n RIP: 0010:kmem_cache_free+0xfa/0x1b0\n Call Trace:\n qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]\n scsi_queue_rq+0x5e2/0xa40\n __blk_mq_try_issue_directly+0x128/0x1d0\n blk_mq_request_issue_directly+0x4e/0xb0\n\nFix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now\nallocated by upper layers. This fixes smatch warning of srb unintended\nfree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "64a8c5018a4b",
"version_value": "c5ab9b67d8b0"
},
{
"version_affected": "<",
"version_name": "dea6ee717303",
"version_value": "77509a238547"
},
{
"version_affected": "<",
"version_name": "af2a0c51b120",
"version_value": "702cdaa2c628"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89"
},
{
"url": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f"
},
{
"url": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538"
},
{
"url": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56"
},
{
"url": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053"
},
{
"url": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

103
2021/46xxx/CVE-2021-46964.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Reserve extra IRQ vectors\n\nCommit a6dcfe08487e (\"scsi: qla2xxx: Limit interrupt vectors to number of\nCPUs\") lowers the number of allocated MSI-X vectors to the number of CPUs.\n\nThat breaks vector allocation assumptions in qla83xx_iospace_config(),\nqla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions\ncomputes maximum number of qpairs as:\n\n ha->max_qpairs = ha->msix_count - 1 (MB interrupt) - 1 (default\n response queue) - 1 (ATIO, in dual or pure target mode)\n\nmax_qpairs is set to zero in case of two CPUs and initiator mode. The\nnumber is then used to allocate ha->queue_pair_map inside\nqla2x00_alloc_queues(). No allocation happens and ha->queue_pair_map is\nleft NULL but the driver thinks there are queue pairs available.\n\nqla2xxx_queuecommand() tries to find a qpair in the map and crashes:\n\n if (ha->mqenable) {\n uint32_t tag;\n uint16_t hwq;\n struct qla_qpair *qpair = NULL;\n\n tag = blk_mq_unique_tag(cmd->request);\n hwq = blk_mq_unique_tag_to_hwq(tag);\n qpair = ha->queue_pair_map[hwq]; # <- HERE\n\n if (qpair)\n return qla2xxx_mqueuecommand(host, cmd, qpair);\n }\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP PTI\n CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G W 5.10.0-rc1+ #25\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014\n Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]\n RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]\n Call Trace:\n scsi_queue_rq+0x58c/0xa60\n blk_mq_dispatch_rq_list+0x2b7/0x6f0\n ? __sbitmap_get_word+0x2a/0x80\n __blk_mq_sched_dispatch_requests+0xb8/0x170\n blk_mq_sched_dispatch_requests+0x2b/0x50\n __blk_mq_run_hw_queue+0x49/0xb0\n __blk_mq_delay_run_hw_queue+0xfb/0x150\n blk_mq_sched_insert_request+0xbe/0x110\n blk_execute_rq+0x45/0x70\n __scsi_execute+0x10e/0x250\n scsi_probe_and_add_lun+0x228/0xda0\n __scsi_scan_target+0xf4/0x620\n ? __pm_runtime_resume+0x4f/0x70\n scsi_scan_target+0x100/0x110\n fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]\n process_one_work+0x1ea/0x3b0\n worker_thread+0x28/0x3b0\n ? process_one_work+0x3b0/0x3b0\n kthread+0x112/0x130\n ? kthread_park+0x80/0x80\n ret_from_fork+0x22/0x30\n\nThe driver should allocate enough vectors to provide every CPU it's own HW\nqueue and still handle reserved (MB, RSP, ATIO) interrupts.\n\nThe change fixes the crash on dual core VM and prevents unbalanced QP\nallocation where nr_hw_queues is two less than the number of CPUs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a6dcfe08487e",
"version_value": "4ecd42dec858"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734"
},
{
"url": "https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6"
},
{
"url": "https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46965.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46965",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: physmap: physmap-bt1-rom: Fix unintentional stack access\n\nCast &data to (char *) in order to avoid unintentionally accessing\nthe stack.\n\nNotice that data is of type u32, so any increment to &data\nwill be in the order of 4-byte chunks, and this piece of code\nis actually intended to be a byte offset.\n\nAddresses-Coverity-ID: 1497765 (\"Out-of-bounds access\")"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b3e79e7682e0",
"version_value": "34ec706bf0b7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/34ec706bf0b7c4ca249a729c1bcb91f706c7a7be",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/34ec706bf0b7c4ca249a729c1bcb91f706c7a7be"
},
{
"url": "https://git.kernel.org/stable/c/4e4ebb827bf09311469ffd9d0c14ed40ed9747aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e4ebb827bf09311469ffd9d0c14ed40ed9747aa"
},
{
"url": "https://git.kernel.org/stable/c/4d786870e3262ec098a3b4ed10b895176bc66ecb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d786870e3262ec098a3b4ed10b895176bc66ecb"
},
{
"url": "https://git.kernel.org/stable/c/683313993dbe1651c7aa00bb42a041d70e914925",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/683313993dbe1651c7aa00bb42a041d70e914925"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

179
2021/46xxx/CVE-2021-46966.json
View File

@ -1,18 +1,189 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46966",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: custom_method: fix potential use-after-free issue\n\nIn cm_write(), buf is always freed when reaching the end of the\nfunction. If the requested count is less than table.length, the\nallocated buffer will be freed but subsequent calls to cm_write() will\nstill try to access it.\n\nRemove the unconditional kfree(buf) at the end of the function and\nset the buf to NULL in the -EINVAL error path to match the rest of\nfunction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4bda2b79a9d0",
"version_value": "1d53ca5d1310"
},
{
"version_affected": "<",
"version_name": "5c12dadcbef8",
"version_value": "8b04d57f30ca"
},
{
"version_affected": "<",
"version_name": "35b88a10535e",
"version_value": "90575d1d9311"
},
{
"version_affected": "<",
"version_name": "e4467fb6ef54",
"version_value": "a5b26a2e362f"
},
{
"version_affected": "<",
"version_name": "03d1571d9513",
"version_value": "72814a94c38a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4.269",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.269",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.118",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394"
},
{
"url": "https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be"
},
{
"url": "https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23"
},
{
"url": "https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17"
},
{
"url": "https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b"
},
{
"url": "https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203"
},
{
"url": "https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b"
},
{
"url": "https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234"
},
{
"url": "https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46967.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-vdpa: fix vm_flags for virtqueue doorbell mapping\n\nThe virtqueue doorbell is usually implemented via registeres but we\ndon't provide the necessary vma->flags like VM_PFNMAP. This may cause\nseveral issues e.g when userspace tries to map the doorbell via vhost\nIOTLB, kernel may panic due to the page is not backed by page\nstructure. This patch fixes this by setting the necessary\nvm_flags. With this patch, try to map doorbell via IOTLB will fail\nwith bad address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ddd89d0a059d",
"version_value": "3b8b6399666a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3b8b6399666a29daa30b0bb3f5c9e3fc81c5a6a6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3b8b6399666a29daa30b0bb3f5c9e3fc81c5a6a6"
},
{
"url": "https://git.kernel.org/stable/c/940230a5c31e2714722aee04c521a21f484b4df7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/940230a5c31e2714722aee04c521a21f484b4df7"
},
{
"url": "https://git.kernel.org/stable/c/93dbbf20e3ffad14f04227a0b7105f6e6f0387ce",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/93dbbf20e3ffad14f04227a0b7105f6e6f0387ce"
},
{
"url": "https://git.kernel.org/stable/c/3a3e0fad16d40a2aa68ddf7eea4acdf48b22dd44",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a3e0fad16d40a2aa68ddf7eea4acdf48b22dd44"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46968.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46968",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "29c2680fd2bf",
"version_value": "026499a9c2e0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.36",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"
},
{
"url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"
},
{
"url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"
},
{
"url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

92
2021/46xxx/CVE-2021-46969.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: core: Fix invalid error returning in mhi_queue\n\nmhi_queue returns an error when the doorbell is not accessible in\nthe current state. This can happen when the device is in non M0\nstate, like M3, and needs to be waken-up prior ringing the DB. This\ncase is managed earlier by triggering an asynchronous M3 exit via\ncontroller resume/suspend callbacks, that in turn will cause M0\ntransition and DB update.\n\nSo, since it's not an error but just delaying of doorbell update, there\nis no reason to return an error.\n\nThis also fixes a use after free error for skb case, indeed a caller\nqueuing skb will try to free the skb if the queueing fails, but in\nthat case queueing has been done."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a8f75cb348fd",
"version_value": "a99b661c3187"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3"
},
{
"url": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

103
2021/46xxx/CVE-2021-46970.json
View File

@ -1,18 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[ 40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[ 40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[ 40.969733] Call Trace:\n[ 40.969740] __flush_work+0x97/0x1d0\n[ 40.969745] ? wake_up_process+0x15/0x20\n[ 40.969749] ? insert_work+0x70/0x80\n[ 40.969750] ? __queue_work+0x14a/0x3e0\n[ 40.969753] flush_work+0x10/0x20\n[ 40.969756] rollback_registered_many+0x1c9/0x510\n[ 40.969759] unregister_netdevice_queue+0x94/0x120\n[ 40.969761] unregister_netdev+0x1d/0x30\n[ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net]\n[ 40.969770] mhi_driver_remove+0x124/0x250 [mhi]\n[ 40.969776] device_release_driver_internal+0xf0/0x1d0\n[ 40.969778] device_release_driver+0x12/0x20\n[ 40.969782] bus_remove_device+0xe1/0x150\n[ 40.969786] device_del+0x17b/0x3e0\n[ 40.969791] mhi_destroy_device+0x9a/0x100 [mhi]\n[ 40.969796] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[ 40.969799] device_for_each_child+0x5e/0xa0\n[ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8f7039787687",
"version_value": "abd1510c08a1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.20",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.3",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
},
{
"url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
},
{
"url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

125
2021/46xxx/CVE-2021-46971.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix unconditional security_locked_down() call\n\nCurrently, the lockdown state is queried unconditionally, even though\nits result is used only if the PERF_SAMPLE_REGS_INTR bit is set in\nattr.sample_type. While that doesn't matter in case of the Lockdown LSM,\nit causes trouble with the SELinux's lockdown hook implementation.\n\nSELinux implements the locked_down hook with a check whether the current\ntask's type has the corresponding \"lockdown\" class permission\n(\"integrity\" or \"confidentiality\") allowed in the policy. This means\nthat calling the hook when the access control decision would be ignored\ngenerates a bogus permission check and audit record.\n\nFix this by checking sample_type first and only calling the hook when\nits result would be honored."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b0c8fdc7fdb7",
"version_value": "b246759284d6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.4",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.117",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.35",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.19",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.2",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff"
},
{
"url": "https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce"
},
{
"url": "https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e"
},
{
"url": "https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1"
},
{
"url": "https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46972.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix leaked dentry\n\nSince commit 6815f479ca90 (\"ovl: use only uppermetacopy state in\novl_lookup()\"), overlayfs doesn't put temporary dentry when there is a\nmetacopy error, which leads to dentry leaks when shutting down the related\nsuperblock:\n\n overlayfs: refusing to follow metacopy origin for (/file0)\n ...\n BUG: Dentry (____ptrval____){i=3f33,n=file3} still in use (1) [unmount of overlay overlay]\n ...\n WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d\n CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1\n ...\n RIP: 0010:umount_check.cold+0x107/0x14d\n ...\n Call Trace:\n d_walk+0x28c/0x950\n ? dentry_lru_isolate+0x2b0/0x2b0\n ? __kasan_slab_free+0x12/0x20\n do_one_tree+0x33/0x60\n shrink_dcache_for_umount+0x78/0x1d0\n generic_shutdown_super+0x70/0x440\n kill_anon_super+0x3e/0x70\n deactivate_locked_super+0xc4/0x160\n deactivate_super+0xfa/0x140\n cleanup_mnt+0x22e/0x370\n __cleanup_mnt+0x1a/0x30\n task_work_run+0x139/0x210\n do_exit+0xb0c/0x2820\n ? __kasan_check_read+0x1d/0x30\n ? find_held_lock+0x35/0x160\n ? lock_release+0x1b6/0x660\n ? mm_update_next_owner+0xa20/0xa20\n ? reacquire_held_locks+0x3f0/0x3f0\n ? __sanitizer_cov_trace_const_cmp4+0x22/0x30\n do_group_exit+0x135/0x380\n __do_sys_exit_group.isra.0+0x20/0x20\n __x64_sys_exit_group+0x3c/0x50\n do_syscall_64+0x45/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n ...\n VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds. Have a nice day...\n\nThis fix has been tested with a syzkaller reproducer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6815f479ca90",
"version_value": "71d58457a8af"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.35",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.19",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.2",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95"
},
{
"url": "https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94"
},
{
"url": "https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8"
},
{
"url": "https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

114
2021/46xxx/CVE-2021-46973.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: Avoid potential use after free in MHI send\n\nIt is possible that the MHI ul_callback will be invoked immediately\nfollowing the queueing of the skb for transmission, leading to the\ncallback decrementing the refcount of the associated sk and freeing the\nskb.\n\nAs such the dereference of skb and the increment of the sk refcount must\nhappen before the skb is queued, to avoid the skb to be used after free\nand potentially the sk to drop its last refcount.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6e728f321393",
"version_value": "48ec949ac979"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.35",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.19",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.2",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80"
},
{
"url": "https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0"
},
{
"url": "https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40"
},
{
"url": "https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

147
2021/46xxx/CVE-2021-46974.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix masking negation logic upon negative dst register\n\nThe negation logic for the case where the off_reg is sitting in the\ndst register is not correct given then we cannot just invert the add\nto a sub or vice versa. As a fix, perform the final bitwise and-op\nunconditionally into AX from the off_reg, then move the pointer from\nthe src to dst and finally use AX as the source for the original\npointer arithmetic operation such that the inversion yields a correct\nresult. The single non-AX mov in between is possible given constant\nblinding is retaining it as it's not an immediate based operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12462c88e6e2",
"version_value": "4d542ddb88fb"
},
{
"version_affected": "<",
"version_name": "eed84f94ff8d",
"version_value": "0e2dfdc74a7f"
},
{
"version_affected": "<",
"version_name": "979d63d50c0c",
"version_value": "53e0db429b37"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.190",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.117",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.35",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.19",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.2",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba"
},
{
"url": "https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c"
},
{
"url": "https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848"
},
{
"url": "https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d"
},
{
"url": "https://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc"
},
{
"url": "https://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66"
},
{
"url": "https://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

158
2021/46xxx/CVE-2021-46975.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Make global sysctls readonly in non-init netns\n\nThese sysctls point to global variables:\n- NF_SYSCTL_CT_MAX (&nf_conntrack_max)\n- NF_SYSCTL_CT_EXPECT_MAX (&nf_ct_expect_max)\n- NF_SYSCTL_CT_BUCKETS (&nf_conntrack_htable_size_user)\n\nBecause their data pointers are not updated to point to per-netns\nstructures, they must be marked read-only in a non-init_net ns.\nOtherwise, changes in any net namespace are reflected in (leaked into)\nall other net namespaces. This problem has existed since the\nintroduction of net namespaces.\n\nThe current logic marks them read-only only if the net namespace is\nowned by an unprivileged user (other than init_user_ns).\n\nCommit d0febd81ae77 (\"netfilter: conntrack: re-visit sysctls in\nunprivileged namespaces\") \"exposes all sysctls even if the namespace is\nunpriviliged.\" Since we need to mark them readonly in any case, we can\nforego the unprivileged user check altogether."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d0febd81ae77",
"version_value": "da50f56e826e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.269",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.233",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.191",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.120",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.35",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.11.19",
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.2",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/da50f56e826e1db141693297afb99370ebc160dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da50f56e826e1db141693297afb99370ebc160dd"
},
{
"url": "https://git.kernel.org/stable/c/68122479c128a929f8f7bdd951cfdc8dd0e75b8f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/68122479c128a929f8f7bdd951cfdc8dd0e75b8f"
},
{
"url": "https://git.kernel.org/stable/c/9b288479f7a901a14ce703938596438559d7df55",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9b288479f7a901a14ce703938596438559d7df55"
},
{
"url": "https://git.kernel.org/stable/c/baea536cf51f8180ab993e374cb134b5edad25e2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/baea536cf51f8180ab993e374cb134b5edad25e2"
},
{
"url": "https://git.kernel.org/stable/c/d3598eb3915cc0c0d8cab42f4a6258ff44c4033e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d3598eb3915cc0c0d8cab42f4a6258ff44c4033e"
},
{
"url": "https://git.kernel.org/stable/c/fbf85a34ce17c4cf0a37ee253f4c582bbfb8231b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fbf85a34ce17c4cf0a37ee253f4c582bbfb8231b"
},
{
"url": "https://git.kernel.org/stable/c/671c54ea8c7ff47bd88444f3fffb65bf9799ce43",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/671c54ea8c7ff47bd88444f3fffb65bf9799ce43"
},
{
"url": "https://git.kernel.org/stable/c/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6"
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
}
}

18
2021/47xxx/CVE-2021-47038.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47039.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47040.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47041.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47042.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47043.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47044.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47045.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47046.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47047.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47048.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47049.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47050.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47051.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47052.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47052",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/47xxx/CVE-2021-47053.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1945.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1946.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

81
2024/27xxx/CVE-2024-27099.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415: Double Free",
"cweId": "CWE-415"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Azure",
"product": {
"product_data": [
{
"product_name": "azure-uamqp-c",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2023-2-08"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj",
"refsource": "MISC",
"name": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj"
},
{
"url": "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987",
"refsource": "MISC",
"name": "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987"
}
]
},
"source": {
"advisory": "GHSA-6rh4-fj44-v4jj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}