From f50f2b12f5e30614d3caef65e2c57b55810137eb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 1 May 2025 15:01:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/49xxx/CVE-2022-49783.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49784.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49785.json | 103 ++++++++++++++++++++- 2022/49xxx/CVE-2022-49786.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49787.json | 147 +++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49788.json | 158 +++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49789.json | 125 ++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49790.json | 125 ++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49791.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49792.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49793.json | 158 +++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49794.json | 158 +++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49795.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49796.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49797.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49798.json | 103 ++++++++++++++++++++- 2022/49xxx/CVE-2022-49799.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49800.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49801.json | 103 ++++++++++++++++++++- 2022/49xxx/CVE-2022-49802.json | 147 +++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49803.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49804.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49805.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49806.json | 103 ++++++++++++++++++++- 2022/49xxx/CVE-2022-49807.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49808.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49809.json | 158 +++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49810.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49811.json | 147 +++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49812.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49813.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49814.json | 147 +++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49815.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49816.json | 158 +++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49817.json | 103 ++++++++++++++++++++- 2022/49xxx/CVE-2022-49818.json | 162 ++++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49819.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49820.json | 92 ++++++++++++++++++- 2022/49xxx/CVE-2022-49821.json | 158 +++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49822.json | 103 ++++++++++++++++++++- 2022/49xxx/CVE-2022-49823.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49824.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49825.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49826.json | 136 ++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49827.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49828.json | 93 ++++++++++++++++++- 2022/49xxx/CVE-2022-49829.json | 82 ++++++++++++++++- 2022/49xxx/CVE-2022-49830.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49831.json | 93 ++++++++++++++++++- 2022/49xxx/CVE-2022-49832.json | 158 +++++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49833.json | 82 ++++++++++++++++- 2022/49xxx/CVE-2022-49834.json | 148 +++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49835.json | 148 +++++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49836.json | 136 ++++++++++++++++++++++++++- 2022/49xxx/CVE-2022-49837.json | 103 ++++++++++++++++++++- 2022/49xxx/CVE-2022-49838.json | 114 ++++++++++++++++++++++- 2022/49xxx/CVE-2022-49839.json | 114 ++++++++++++++++++++++- 57 files changed, 6401 insertions(+), 228 deletions(-) diff --git a/2022/49xxx/CVE-2022-49783.json b/2022/49xxx/CVE-2022-49783.json index a7154e5aff7..81f99689eed 100644 --- a/2022/49xxx/CVE-2022-49783.json +++ b/2022/49xxx/CVE-2022-49783.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49783", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Drop fpregs lock before inheriting FPU permissions\n\nMike Galbraith reported the following against an old fork of preempt-rt\nbut the same issue also applies to the current preempt-rt tree.\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: systemd\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n Preemption disabled at:\n fpu_clone\n CPU: 6 PID: 1 Comm: systemd Tainted: G E (unreleased)\n Call Trace:\n \n dump_stack_lvl\n ? fpu_clone\n __might_resched\n rt_spin_lock\n fpu_clone\n ? copy_thread\n ? copy_process\n ? shmem_alloc_inode\n ? kmem_cache_alloc\n ? kernel_clone\n ? __do_sys_clone\n ? do_syscall_64\n ? __x64_sys_rt_sigprocmask\n ? syscall_exit_to_user_mode\n ? do_syscall_64\n ? syscall_exit_to_user_mode\n ? do_syscall_64\n ? syscall_exit_to_user_mode\n ? do_syscall_64\n ? exc_page_fault\n ? entry_SYSCALL_64_after_hwframe\n \n\nMike says:\n\n The splat comes from fpu_inherit_perms() being called under fpregs_lock(),\n and us reaching the spin_lock_irq() therein due to fpu_state_size_dynamic()\n returning true despite static key __fpu_state_size_dynamic having never\n been enabled.\n\nMike's assessment looks correct. fpregs_lock on a PREEMPT_RT kernel disables\npreemption so calling spin_lock_irq() in fpu_inherit_perms() is unsafe. This\nproblem exists since commit\n\n 9e798e9aa14c (\"x86/fpu: Prepare fpu_clone() for dynamically enabled features\").\n\nEven though the original bug report should not have enabled the paths at\nall, the bug still exists.\n\nfpregs_lock is necessary when editing the FPU registers or a task's FP\nstate but it is not necessary for fpu_inherit_perms(). The only write\nof any FP state in fpu_inherit_perms() is for the new child which is\nnot running yet and cannot context switch or be borrowed by a kernel\nthread yet. Hence, fpregs_lock is not protecting anything in the new\nchild until clone() completes and can be dropped earlier. The siglock\nstill needs to be acquired by fpu_inherit_perms() as the read of the\nparent's permissions has to be serialised.\n\n [ bp: Cleanup splat. ]" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9e798e9aa14c45fb94e47b30bf6347b369ce9df7", + "version_value": "c6e8a7a1780af3da65e78a615f7d0874da6aabb0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.16", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.16", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/c6e8a7a1780af3da65e78a615f7d0874da6aabb0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c6e8a7a1780af3da65e78a615f7d0874da6aabb0" + }, + { + "url": "https://git.kernel.org/stable/c/36b038791e1e2baea892e9276588815fd14894b4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/36b038791e1e2baea892e9276588815fd14894b4" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49784.json b/2022/49xxx/CVE-2022-49784.json index ef07f57fef4..f554f9de885 100644 --- a/2022/49xxx/CVE-2022-49784.json +++ b/2022/49xxx/CVE-2022-49784.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd/uncore: Fix memory leak for events array\n\nWhen a CPU comes online, the per-CPU NB and LLC uncore contexts are\nfreed but not the events array within the context structure. This\ncauses a memory leak as identified by the kmemleak detector.\n\n [...]\n unreferenced object 0xffff8c5944b8e320 (size 32):\n comm \"swapper/0\", pid 1, jiffies 4294670387 (age 151.072s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<000000000759fb79>] amd_uncore_cpu_up_prepare+0xaf/0x230\n [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470\n [<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170\n [<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330\n [<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110\n [<0000000015365e0f>] amd_uncore_init+0x260/0x321\n [<00000000089152d2>] do_one_initcall+0x3f/0x1f0\n [<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212\n [<0000000030be8dde>] kernel_init+0x11/0x120\n [<0000000059709e59>] ret_from_fork+0x22/0x30\n unreferenced object 0xffff8c5944b8dd40 (size 64):\n comm \"swapper/0\", pid 1, jiffies 4294670387 (age 151.072s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000306efe8b>] amd_uncore_cpu_up_prepare+0x183/0x230\n [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470\n [<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170\n [<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330\n [<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110\n [<0000000015365e0f>] amd_uncore_init+0x260/0x321\n [<00000000089152d2>] do_one_initcall+0x3f/0x1f0\n [<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212\n [<0000000030be8dde>] kernel_init+0x11/0x120\n [<0000000059709e59>] ret_from_fork+0x22/0x30\n [...]\n\nFix the problem by freeing the events array before freeing the uncore\ncontext." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "39621c5808f5dda75d03dc4b2d4d2b13a5a1c34b", + "version_value": "f75be9885d49e3717de962345c4572ddab52b178" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.0", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.0", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/f75be9885d49e3717de962345c4572ddab52b178", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f75be9885d49e3717de962345c4572ddab52b178" + }, + { + "url": "https://git.kernel.org/stable/c/bdfe34597139cfcecd47a2eb97fea44d77157491", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bdfe34597139cfcecd47a2eb97fea44d77157491" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49785.json b/2022/49xxx/CVE-2022-49785.json index 9ab7dbf55d6..656b0c18e1d 100644 --- a/2022/49xxx/CVE-2022-49785.json +++ b/2022/49xxx/CVE-2022-49785.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Add overflow check in sgx_validate_offset_length()\n\nsgx_validate_offset_length() function verifies \"offset\" and \"length\"\narguments provided by userspace, but was missing an overflow check on\ntheir addition. Add it." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "c6d26d370767fa227fc44b98a8bdad112efdf563", + "version_value": "5277e3d633a5d4157987f4aff068caa55e36db19" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.11", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.11", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.81", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5277e3d633a5d4157987f4aff068caa55e36db19", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5277e3d633a5d4157987f4aff068caa55e36db19" + }, + { + "url": "https://git.kernel.org/stable/c/3b1c10fb754b0b67165e3f055a4208e5ba26dc89", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3b1c10fb754b0b67165e3f055a4208e5ba26dc89" + }, + { + "url": "https://git.kernel.org/stable/c/f0861f49bd946ff94fce4f82509c45e167f63690", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f0861f49bd946ff94fce4f82509c45e167f63690" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49786.json b/2022/49xxx/CVE-2022-49786.json index 18f6e9c26f2..54116f9f522 100644 --- a/2022/49xxx/CVE-2022-49786.json +++ b/2022/49xxx/CVE-2022-49786.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: properly pin the parent in blkcg_css_online\n\nblkcg_css_online is supposed to pin the blkcg of the parent, but\n397c9f46ee4d refactored things and along the way, changed it to pin the\ncss instead. This results in extra pins, and we end up leaking blkcgs\nand cgroups." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "397c9f46ee4d99024c64954b007c1b5762d01cb4", + "version_value": "d118247e404d6338f7b90636a3c6b95a387ed163" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/d118247e404d6338f7b90636a3c6b95a387ed163", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d118247e404d6338f7b90636a3c6b95a387ed163" + }, + { + "url": "https://git.kernel.org/stable/c/d7dbd43f4a828fa1d9a8614d5b0ac40aee6375fe", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d7dbd43f4a828fa1d9a8614d5b0ac40aee6375fe" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49787.json b/2022/49xxx/CVE-2022-49787.json index 292f28d89a4..f6c3fe85730 100644 --- a/2022/49xxx/CVE-2022-49787.json +++ b/2022/49xxx/CVE-2022-49787.json @@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()\n\npci_get_device() will increase the reference count for the returned\npci_dev. We need to use pci_dev_put() to decrease the reference count\nbefore amd_probe() returns. There is no problem for the 'smbus_dev ==\nNULL' branch because pci_dev_put() can also handle the NULL input\nparameter case." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "659c9bc114a810b3a3c1e50585cc57f1312a6d60", + "version_value": "7570e5b5419ffd34b6dc45a88c51e113a9a187e3" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.4", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.4", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/7570e5b5419ffd34b6dc45a88c51e113a9a187e3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7570e5b5419ffd34b6dc45a88c51e113a9a187e3" + }, + { + "url": "https://git.kernel.org/stable/c/5dbd6378dbf96787d6dbcca44156c511ae085ea3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5dbd6378dbf96787d6dbcca44156c511ae085ea3" + }, + { + "url": "https://git.kernel.org/stable/c/27f712cd47d65e14cd52cc32a23d42aeef583d5d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/27f712cd47d65e14cd52cc32a23d42aeef583d5d" + }, + { + "url": "https://git.kernel.org/stable/c/4423866d31a06a810db22062ed13389416a66b22", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4423866d31a06a810db22062ed13389416a66b22" + }, + { + "url": "https://git.kernel.org/stable/c/a99a547658e5d451f01ed307426286716b6f01bf", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a99a547658e5d451f01ed307426286716b6f01bf" + }, + { + "url": "https://git.kernel.org/stable/c/35bca18092685b488003509fef7055aa2d4f2ebc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/35bca18092685b488003509fef7055aa2d4f2ebc" + }, + { + "url": "https://git.kernel.org/stable/c/222cfa0118aa68687ace74aab8fdf77ce8fbd7e6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/222cfa0118aa68687ace74aab8fdf77ce8fbd7e6" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49788.json b/2022/49xxx/CVE-2022-49788.json index be68b30fdc7..41b319367ea 100644 --- a/2022/49xxx/CVE-2022-49788.json +++ b/2022/49xxx/CVE-2022-49788.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()\n\n`struct vmci_event_qp` allocated by qp_notify_peer() contains padding,\nwhich may carry uninitialized data to the userspace, as observed by\nKMSAN:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121\n instrument_copy_to_user ./include/linux/instrumented.h:121\n _copy_to_user+0x5f/0xb0 lib/usercopy.c:33\n copy_to_user ./include/linux/uaccess.h:169\n vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431\n vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925\n vfs_ioctl fs/ioctl.c:51\n ...\n\n Uninit was stored to memory at:\n kmemdup+0x74/0xb0 mm/util.c:131\n dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271\n vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339\n qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940\n vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488\n vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927\n ...\n\n Local variable ev created at:\n qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n\n Bytes 28-31 of 48 are uninitialized\n Memory access of size 48 starts at ffff888035155e00\n Data copied to user address 0000000020000100\n\nUse memset() to prevent the infoleaks.\n\nAlso speculatively fix qp_notify_peer_local(), which may suffer from the\nsame problem." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "06164d2b72aa752ce4633184b3e0d97601017135", + "version_value": "7ccf7229b96fadc3a185d1391f814a604c7ef609" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.9", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.9", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/7ccf7229b96fadc3a185d1391f814a604c7ef609", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7ccf7229b96fadc3a185d1391f814a604c7ef609" + }, + { + "url": "https://git.kernel.org/stable/c/f04586c2315cfd03d72ad0395705435e7ed07b1a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f04586c2315cfd03d72ad0395705435e7ed07b1a" + }, + { + "url": "https://git.kernel.org/stable/c/5a275528025ae4bc7e2232866856dfebf84b2fad", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5a275528025ae4bc7e2232866856dfebf84b2fad" + }, + { + "url": "https://git.kernel.org/stable/c/e7061dd1fef2dfb6458cd521aef27aa66f510d31", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e7061dd1fef2dfb6458cd521aef27aa66f510d31" + }, + { + "url": "https://git.kernel.org/stable/c/62634b43d3c4e1bf62fd540196f7081bf0885c0a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/62634b43d3c4e1bf62fd540196f7081bf0885c0a" + }, + { + "url": "https://git.kernel.org/stable/c/8e2f33c598370bcf828bab4d667d1d38bcd3c57d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8e2f33c598370bcf828bab4d667d1d38bcd3c57d" + }, + { + "url": "https://git.kernel.org/stable/c/76c50d77b928a33e5290aaa9fdc10e88254ff8c7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/76c50d77b928a33e5290aaa9fdc10e88254ff8c7" + }, + { + "url": "https://git.kernel.org/stable/c/e5b0d06d9b10f5f43101bd6598b076c347f9295f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e5b0d06d9b10f5f43101bd6598b076c347f9295f" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49789.json b/2022/49xxx/CVE-2022-49789.json index b7a7ec61990..f185b049db6 100644 --- a/2022/49xxx/CVE-2022-49789.json +++ b/2022/49xxx/CVE-2022-49789.json @@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: zfcp: Fix double free of FSF request when qdio send fails\n\nWe used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache\nthe FSF request ID when sending a new FSF request. This is used in case the\nsending fails and we need to remove the request from our internal hash\ntable again (so we don't keep an invalid reference and use it when we free\nthe request again).\n\nIn 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (signed and 32\nbit wide), but the rest of the zfcp code (and the firmware specification)\nhandles the ID as 'unsigned long'/'u64' (unsigned and 64 bit wide [s390x\nELF ABI]). For one this has the obvious problem that when the ID grows\npast 32 bit (this can happen reasonably fast) it is truncated to 32 bit\nwhen storing it in the cache variable and so doesn't match the original ID\nanymore. The second less obvious problem is that even when the original ID\nhas not yet grown past 32 bit, as soon as the 32nd bit is set in the\noriginal ID (0x80000000 = 2'147'483'648) we will have a mismatch when we\ncast it back to 'unsigned long'. As the cached variable is of a signed\ntype, the compiler will choose a sign-extending instruction to load the 32\nbit variable into a 64 bit register (e.g.: 'lgf %r11,188(%r15)'). So once\nwe pass the cached variable into 'zfcp_reqlist_find_rm()' to remove the\nrequest again all the leading zeros will be flipped to ones to extend the\nsign and won't match the original ID anymore (this has been observed in\npractice).\n\nIf we can't successfully remove the request from the hash table again after\n'zfcp_qdio_send()' fails (this happens regularly when zfcp cannot notify\nthe adapter about new work because the adapter is already gone during\ne.g. a ChpID toggle) we will end up with a double free. We unconditionally\nfree the request in the calling function when 'zfcp_fsf_req_send()' fails,\nbut because the request is still in the hash table we end up with a stale\nmemory reference, and once the zfcp adapter is either reset during recovery\nor shutdown we end up freeing the same memory twice.\n\nThe resulting stack traces vary depending on the kernel and have no direct\ncorrelation to the place where the bug occurs. Here are three examples that\nhave been seen in practice:\n\n list_del corruption. next->prev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00)\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:62!\n monitor event: 0040 ilc:2 [#1] PREEMPT SMP\n Modules linked in: ...\n CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded\n Hardware name: ...\n Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3\n Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6\n 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8\n 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800\n 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70\n Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336\n 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8\n #00000003cbeea1f4: af000000 mc 0,0\n >00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78\n 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48\n 00000003cbeea204: b9040043 lgr %r4,%r3\n 00000003cbeea208: b9040051 lgr %r5,%r1\n 00000003cbeea20c: b9040032 lgr %r3,%r2\n Call Trace:\n [<00000003cbeea1f8>] __list_del_entry_valid+0x98/0x140\n ([<00000003cbeea1f4>] __list_del_entry_valid+0x94/0x140)\n [<000003ff7ff502fe>] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp]\n [<000003ff7ff49cd0>] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp]\n---truncated---" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "e60a6d69f1f84c2ef1cc63aefaadfe7ae9f12934", + "version_value": "1bf8ed585501bb2dd0b5f67c824eab45adfbdccd" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.34", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.34", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/1bf8ed585501bb2dd0b5f67c824eab45adfbdccd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1bf8ed585501bb2dd0b5f67c824eab45adfbdccd" + }, + { + "url": "https://git.kernel.org/stable/c/d2c7d8f58e9cde8ac8d1f75e9d66c2a813ffe0ab", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d2c7d8f58e9cde8ac8d1f75e9d66c2a813ffe0ab" + }, + { + "url": "https://git.kernel.org/stable/c/11edbdee4399401f533adda9bffe94567aa08b96", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/11edbdee4399401f533adda9bffe94567aa08b96" + }, + { + "url": "https://git.kernel.org/stable/c/90a49a6b015fa439cd62e45121390284c125a91f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/90a49a6b015fa439cd62e45121390284c125a91f" + }, + { + "url": "https://git.kernel.org/stable/c/0954256e970ecf371b03a6c9af2cf91b9c4085ff", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0954256e970ecf371b03a6c9af2cf91b9c4085ff" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49790.json b/2022/49xxx/CVE-2022-49790.json index 747ceb2116a..4aa97542e64 100644 --- a/2022/49xxx/CVE-2022-49790.json +++ b/2022/49xxx/CVE-2022-49790.json @@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49790", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - invert valid length check when fetching device IDs\n\nsyzbot is reporting uninitialized value at iforce_init_device() [1], for\ncommit 6ac0aec6b0a6 (\"Input: iforce - allow callers supply data buffer\nwhen fetching device IDs\") is checking that valid length is shorter than\nbytes to read. Since iforce_get_id_packet() stores valid length when\nreturning 0, the caller needs to check that valid length is longer than or\nequals to bytes to read." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6ac0aec6b0a651d64eef759fddf17d9145b51033", + "version_value": "5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.3", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.3", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3" + }, + { + "url": "https://git.kernel.org/stable/c/24cc679abbf31477d0cc6106ec83c2fbae6b3cdf", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/24cc679abbf31477d0cc6106ec83c2fbae6b3cdf" + }, + { + "url": "https://git.kernel.org/stable/c/fdd57c20d4408cac3c3c535c120d244e083406c9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fdd57c20d4408cac3c3c535c120d244e083406c9" + }, + { + "url": "https://git.kernel.org/stable/c/6365569d62a75ddf53fb0c2936c16587a365984c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6365569d62a75ddf53fb0c2936c16587a365984c" + }, + { + "url": "https://git.kernel.org/stable/c/b8ebf250997c5fb253582f42bfe98673801ebebd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b8ebf250997c5fb253582f42bfe98673801ebebd" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49791.json b/2022/49xxx/CVE-2022-49791.json index f305513d009..0b9d23b2837 100644 --- a/2022/49xxx/CVE-2022-49791.json +++ b/2022/49xxx/CVE-2022-49791.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix multishot accept request leaks\n\nHaving REQ_F_POLLED set doesn't guarantee that the request is\nexecuted as a multishot from the polling path. Fortunately for us, if\nthe code thinks it's multishot issue when it's not, it can only ask to\nskip completion so leaking the request. Use issue_flags to mark\nmultipoll issues." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "390ed29b5e425ba00da2b6113b74a14949f71b02", + "version_value": "0e4626de856ef8f25ecd9c716e76d4f95ce95639" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/0e4626de856ef8f25ecd9c716e76d4f95ce95639", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0e4626de856ef8f25ecd9c716e76d4f95ce95639" + }, + { + "url": "https://git.kernel.org/stable/c/91482864768a874c4290ef93b84a78f4f1dac51b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/91482864768a874c4290ef93b84a78f4f1dac51b" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49792.json b/2022/49xxx/CVE-2022-49792.json index 8a650ebc3b7..2bdd2910e2d 100644 --- a/2022/49xxx/CVE-2022-49792.json +++ b/2022/49xxx/CVE-2022-49792.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: mp2629: fix potential array out of bound access\n\nAdd sentinel at end of maps to avoid potential array out of\nbound access in iio core." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7abd9fb6468225f5c7f83149ce279cc1a912a68a", + "version_value": "d95b85c5084ad70011988861ee864529eefa1da0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.8", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.8", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/d95b85c5084ad70011988861ee864529eefa1da0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d95b85c5084ad70011988861ee864529eefa1da0" + }, + { + "url": "https://git.kernel.org/stable/c/1678d4abb2dc2ca3b05b998a9d88616976e4f947", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1678d4abb2dc2ca3b05b998a9d88616976e4f947" + }, + { + "url": "https://git.kernel.org/stable/c/399b2105a2240e730b9f3880bd8f154247539aa7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/399b2105a2240e730b9f3880bd8f154247539aa7" + }, + { + "url": "https://git.kernel.org/stable/c/ca1547ab15f48dc81624183ae17a2fd1bad06dfc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ca1547ab15f48dc81624183ae17a2fd1bad06dfc" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49793.json b/2022/49xxx/CVE-2022-49793.json index 9397eece432..8df68db48be 100644 --- a/2022/49xxx/CVE-2022-49793.json +++ b/2022/49xxx/CVE-2022-49793.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49793", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()\n\ndev_set_name() allocates memory for name, it need be freed\nwhen device_add() fails, call put_device() to give up the\nreference that hold in device_initialize(), so that it can\nbe freed in kobject_cleanup() when the refcount hit to 0.\n\nFault injection test can trigger this:\n\nunreferenced object 0xffff8e8340a7b4c0 (size 32):\n comm \"modprobe\", pid 243, jiffies 4294678145 (age 48.845s)\n hex dump (first 32 bytes):\n 69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge\n 72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............\n backtrace:\n [<0000000074999de8>] __kmem_cache_alloc_node+0x1e9/0x360\n [<00000000497fd30b>] __kmalloc_node_track_caller+0x44/0x1a0\n [<000000003636c520>] kstrdup+0x2d/0x60\n [<0000000032f84da2>] kobject_set_name_vargs+0x1e/0x90\n [<0000000092efe493>] dev_set_name+0x4e/0x70" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1f785681a87068f123d3e23da13b2c55ab4f93ac", + "version_value": "f68c96821b61d2c71a35dbb8bf90c347fad624d9" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.0", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.0", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/f68c96821b61d2c71a35dbb8bf90c347fad624d9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f68c96821b61d2c71a35dbb8bf90c347fad624d9" + }, + { + "url": "https://git.kernel.org/stable/c/5a39382aa5411d64b25a71516c2c7480aab13bb7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5a39382aa5411d64b25a71516c2c7480aab13bb7" + }, + { + "url": "https://git.kernel.org/stable/c/b47bb521961f027b4dcf8683337a7a1ba9e5ea1f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b47bb521961f027b4dcf8683337a7a1ba9e5ea1f" + }, + { + "url": "https://git.kernel.org/stable/c/0dd52e141afde089304de470148d311b05c14564", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0dd52e141afde089304de470148d311b05c14564" + }, + { + "url": "https://git.kernel.org/stable/c/8dddf2699da296c84205582aaead6b43dd7e8c4b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8dddf2699da296c84205582aaead6b43dd7e8c4b" + }, + { + "url": "https://git.kernel.org/stable/c/656f670613662b6cc77aad14112db2803ad18fa8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/656f670613662b6cc77aad14112db2803ad18fa8" + }, + { + "url": "https://git.kernel.org/stable/c/2c4e65285bdea23fd36d2ff376006ac64db6f42e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2c4e65285bdea23fd36d2ff376006ac64db6f42e" + }, + { + "url": "https://git.kernel.org/stable/c/efa17e90e1711bdb084e3954fa44afb6647331c0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/efa17e90e1711bdb084e3954fa44afb6647331c0" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49794.json b/2022/49xxx/CVE-2022-49794.json index 69c8c9b643c..8657e90cfe4 100644 --- a/2022/49xxx/CVE-2022-49794.json +++ b/2022/49xxx/CVE-2022-49794.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49794", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()\n\nIf iio_trigger_register() returns error, it should call iio_trigger_free()\nto give up the reference that hold in iio_trigger_alloc(), so that it can\ncall iio_trig_release() to free memory when the refcount hit to 0." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0e589d5fb3172b0dde7fdad3a4829ce5352dd30d", + "version_value": "c3ce73f60599a483dca7becd4112508833a40ef9" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.5", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9" + }, + { + "url": "https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4" + }, + { + "url": "https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b" + }, + { + "url": "https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385" + }, + { + "url": "https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37" + }, + { + "url": "https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b" + }, + { + "url": "https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d" + }, + { + "url": "https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49795.json b/2022/49xxx/CVE-2022-49795.json index 686d42f8e43..9984a1001c9 100644 --- a/2022/49xxx/CVE-2022-49795.json +++ b/2022/49xxx/CVE-2022-49795.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrethook: fix a potential memleak in rethook_alloc()\n\nIn rethook_alloc(), the variable rh is not freed or passed out\nif handler is NULL, which could lead to a memleak, fix it.\n\n[Masami: Add \"rethook:\" tag to the title.]\n\nAcke-by: Masami Hiramatsu (Google) " } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "54ecbe6f1ed5138c895bdff55608cf502755b20e", + "version_value": "cbc5d1f9a8cc40ba2bc6779b36d2ea1f65bc027c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.18", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.18", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/cbc5d1f9a8cc40ba2bc6779b36d2ea1f65bc027c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cbc5d1f9a8cc40ba2bc6779b36d2ea1f65bc027c" + }, + { + "url": "https://git.kernel.org/stable/c/0a1ebe35cb3b7aa1f4b26b37e2a0b9ae68dc4ffb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a1ebe35cb3b7aa1f4b26b37e2a0b9ae68dc4ffb" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49796.json b/2022/49xxx/CVE-2022-49796.json index c2fde59e1d2..1d8f0387b58 100644 --- a/2022/49xxx/CVE-2022-49796.json +++ b/2022/49xxx/CVE-2022-49796.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()\n\nWhen test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it\nwill goto delete, which will call kprobe_event_delete() and release the\ncorresponding resource. However, the trace_array in gen_kretprobe_test\nwill point to the invalid resource. Set gen_kretprobe_test to NULL\nafter called kprobe_event_delete() to prevent null-ptr-deref.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000070\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 0 PID: 246 Comm: modprobe Tainted: G W\n6.1.0-rc1-00174-g9522dc5c87da-dirty #248\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0\nCode: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c\n01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65\n70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f\nRSP: 0018:ffffc9000159fe00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000\nRDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001\nR10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064\nR13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000\nFS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __ftrace_set_clr_event+0x3e/0x60\n trace_array_set_clr_event+0x35/0x50\n ? 0xffffffffa0000000\n kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]\n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f89eeb061b7" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "64836248dda20c8e7427b493f7e06d9bf8f58850", + "version_value": "28a54854a95923b6266a9479ad660ca2cc0e1d5f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.6", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/28a54854a95923b6266a9479ad660ca2cc0e1d5f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/28a54854a95923b6266a9479ad660ca2cc0e1d5f" + }, + { + "url": "https://git.kernel.org/stable/c/e57daa750369fedbf678346aec724a43b9a51749", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e57daa750369fedbf678346aec724a43b9a51749" + }, + { + "url": "https://git.kernel.org/stable/c/510c12f93674ea0a1423b24f36c67357168a262a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/510c12f93674ea0a1423b24f36c67357168a262a" + }, + { + "url": "https://git.kernel.org/stable/c/22ea4ca9631eb137e64e5ab899e9c89cb6670959", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/22ea4ca9631eb137e64e5ab899e9c89cb6670959" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49797.json b/2022/49xxx/CVE-2022-49797.json index db34c33f24e..5d9235fc5a3 100644 --- a/2022/49xxx/CVE-2022-49797.json +++ b/2022/49xxx/CVE-2022-49797.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49797", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()\n\nWhen trace_get_event_file() failed, gen_kretprobe_test will be assigned\nas the error code. If module kprobe_event_gen_test is removed now, the\nnull pointer dereference will happen in kprobe_event_gen_test_exit().\nCheck if gen_kprobe_test or gen_kretprobe_test is error code or NULL\nbefore dereference them.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 3 PID: 2210 Comm: modprobe Not tainted\n6.1.0-rc1-00171-g2159299a3b74-dirty #217\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]\nCode: Unable to access opcode bytes at 0xffffffff9ffffff2.\nRSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246\nRAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000\nRDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c\nRBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800\nR13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "64836248dda20c8e7427b493f7e06d9bf8f58850", + "version_value": "bb70fcae4115d24b7e8cee17a6da8b1943f546bb" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.6", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/bb70fcae4115d24b7e8cee17a6da8b1943f546bb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bb70fcae4115d24b7e8cee17a6da8b1943f546bb" + }, + { + "url": "https://git.kernel.org/stable/c/3a41c0f2a5c3bf72b4c4e9dd4b1025378201e332", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3a41c0f2a5c3bf72b4c4e9dd4b1025378201e332" + }, + { + "url": "https://git.kernel.org/stable/c/fd0efd4f7bfe611a8339ba01bc2ac3c33e79159d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fd0efd4f7bfe611a8339ba01bc2ac3c33e79159d" + }, + { + "url": "https://git.kernel.org/stable/c/e0d75267f59d7084e0468bd68beeb1bf9c71d7c0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e0d75267f59d7084e0468bd68beeb1bf9c71d7c0" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49798.json b/2022/49xxx/CVE-2022-49798.json index b57f17d4f06..a21ac01efd0 100644 --- a/2022/49xxx/CVE-2022-49798.json +++ b/2022/49xxx/CVE-2022-49798.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race where eprobes can be called before the event\n\nThe flag that tells the event to call its triggers after reading the event\nis set for eprobes after the eprobe is enabled. This leads to a race where\nthe eprobe may be triggered at the beginning of the event where the record\ninformation is NULL. The eprobe then dereferences the NULL record causing\na NULL kernel pointer bug.\n\nTest for a NULL record to keep this from happening." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7491e2c442781a1860181adb5ab472a52075f393", + "version_value": "7291dec4f2d17a2d3fd1f789fb41e58476539f21" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.15", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/7291dec4f2d17a2d3fd1f789fb41e58476539f21", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7291dec4f2d17a2d3fd1f789fb41e58476539f21" + }, + { + "url": "https://git.kernel.org/stable/c/73f5191467ffe3af82f27fe0ea6a8c2fac724d3f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/73f5191467ffe3af82f27fe0ea6a8c2fac724d3f" + }, + { + "url": "https://git.kernel.org/stable/c/94eedf3dded5fb472ce97bfaf3ac1c6c29c35d26", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/94eedf3dded5fb472ce97bfaf3ac1c6c29c35d26" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49799.json b/2022/49xxx/CVE-2022-49799.json index 0b61e32c2ef..6f0f8cb26c2 100644 --- a/2022/49xxx/CVE-2022-49799.json +++ b/2022/49xxx/CVE-2022-49799.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix wild-memory-access in register_synth_event()\n\nIn register_synth_event(), if set_synth_event_print_fmt() failed, then\nboth trace_remove_event_call() and unregister_trace_event() will be\ncalled, which means the trace_event_call will call\n__unregister_trace_event() twice. As the result, the second unregister\nwill causes the wild-memory-access.\n\nregister_synth_event\n set_synth_event_print_fmt failed\n trace_remove_event_call\n event_remove\n if call->event.funcs then\n __unregister_trace_event (first call)\n unregister_trace_event\n __unregister_trace_event (second call)\n\nFix the bug by avoiding to call the second __unregister_trace_event() by\nchecking if the first one is called.\n\ngeneral protection fault, probably for non-canonical address\n\t0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI\nKASAN: maybe wild-memory-access in range\n[0xdead000000000120-0xdead000000000127]\nCPU: 0 PID: 3807 Comm: modprobe Not tainted\n6.1.0-rc1-00186-g76f33a7eedb4 #299\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_trace_event+0x6e/0x280\nCode: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48\nb8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02\n00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b\nRSP: 0018:ffff88810413f370 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000\nRDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20\nRBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481\nR10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122\nR13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028\nFS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __create_synth_event+0x1e37/0x1eb0\n create_or_delete_synth_event+0x110/0x250\n synth_event_run_command+0x2f/0x110\n test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]\n synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4b147936fa509650beaf638b331573c23ba4d609", + "version_value": "315b149f08229a233d47532eb5da1707b28f764c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.17", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.17", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/315b149f08229a233d47532eb5da1707b28f764c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/315b149f08229a233d47532eb5da1707b28f764c" + }, + { + "url": "https://git.kernel.org/stable/c/6517b97134f724d12f673f9fb4f456d75c7a905f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6517b97134f724d12f673f9fb4f456d75c7a905f" + }, + { + "url": "https://git.kernel.org/stable/c/a5bfa53e5036b3e7a80be902dd3719a930accabd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a5bfa53e5036b3e7a80be902dd3719a930accabd" + }, + { + "url": "https://git.kernel.org/stable/c/1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49800.json b/2022/49xxx/CVE-2022-49800.json index 3257fcc4487..9588433140b 100644 --- a/2022/49xxx/CVE-2022-49800.json +++ b/2022/49xxx/CVE-2022-49800.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n hex dump (first 32 bytes):\n 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test\n 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<0000000039eb1cf5>] 0xffffffffa00083cd\n [<000000000e8c3bc8>] 0xffffffffa00086ba\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n hex dump (first 32 bytes):\n 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes\n 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<00000000d4db9a3d>] 0xffffffffa0008071\n [<00000000c31354a5>] 0xffffffffa00086ce\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb", + "version_value": "65ba7e7c241122ef0a9e61d1920f2ae9689aa796" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.6", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796" + }, + { + "url": "https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2" + }, + { + "url": "https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942" + }, + { + "url": "https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49801.json b/2022/49xxx/CVE-2022-49801.json index 3a6becaa317..e70490cb5a5 100644 --- a/2022/49xxx/CVE-2022-49801.json +++ b/2022/49xxx/CVE-2022-49801.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in tracing_read_pipe()\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff888105a18900 (size 128):\n comm \"test_progs\", pid 18933, jiffies 4336275356 (age 22801.766s)\n hex dump (first 32 bytes):\n 25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04 %s......&...B.X.\n 03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000560143a1>] __kmalloc_node_track_caller+0x4a/0x140\n [<000000006af00822>] krealloc+0x8d/0xf0\n [<00000000c309be6a>] trace_iter_expand_format+0x99/0x150\n [<000000005a53bdb6>] trace_check_vprintf+0x1e0/0x11d0\n [<0000000065629d9d>] trace_event_printf+0xb6/0xf0\n [<000000009a690dc7>] trace_raw_output_bpf_trace_printk+0x89/0xc0\n [<00000000d22db172>] print_trace_line+0x73c/0x1480\n [<00000000cdba76ba>] tracing_read_pipe+0x45c/0x9f0\n [<0000000015b58459>] vfs_read+0x17b/0x7c0\n [<000000004aeee8ed>] ksys_read+0xed/0x1c0\n [<0000000063d3d898>] do_syscall_64+0x3b/0x90\n [<00000000a06dda7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\niter->fmt alloced in\n tracing_read_pipe() -> .. ->trace_iter_expand_format(), but not\nfreed, to fix, add free in tracing_release_pipe()" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "efbbdaa22bb78761bff8dfdde027ad04bedd47ce", + "version_value": "2c21ee020ce43d744ecd7f3e9bddfcaafef270ce" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.12", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.12", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/2c21ee020ce43d744ecd7f3e9bddfcaafef270ce", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2c21ee020ce43d744ecd7f3e9bddfcaafef270ce" + }, + { + "url": "https://git.kernel.org/stable/c/a7d3f8f33c113478737bc61bb32ec5f9a987da7d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a7d3f8f33c113478737bc61bb32ec5f9a987da7d" + }, + { + "url": "https://git.kernel.org/stable/c/649e72070cbbb8600eb823833e4748f5a0815116", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/649e72070cbbb8600eb823833e4748f5a0815116" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49802.json b/2022/49xxx/CVE-2022-49802.json index 4e84cb3f0a5..e57dccebe31 100644 --- a/2022/49xxx/CVE-2022-49802.json +++ b/2022/49xxx/CVE-2022-49802.json @@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix null pointer dereference in ftrace_add_mod()\n\nThe @ftrace_mod is allocated by kzalloc(), so both the members {prev,next}\nof @ftrace_mode->list are NULL, it's not a valid state to call list_del().\nIf kstrdup() for @ftrace_mod->{func|module} fails, it goes to @out_free\ntag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del()\nwill write prev->next and next->prev, where null pointer dereference\nhappens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCall Trace:\n \n ftrace_mod_callback+0x20d/0x220\n ? do_filp_open+0xd9/0x140\n ftrace_process_regex.isra.51+0xbf/0x130\n ftrace_regex_write.isra.52.part.53+0x6e/0x90\n vfs_write+0xee/0x3a0\n ? __audit_filter_op+0xb1/0x100\n ? auditd_test_task+0x38/0x50\n ksys_write+0xa5/0xe0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nKernel panic - not syncing: Fatal exception\n\nSo call INIT_LIST_HEAD() to initialize the list member to fix this issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "673feb9d76ab3eddde7acfd94b206e321cfc90b9", + "version_value": "665b4c6648bf2b91f69b33817f4321cf4c3cafe9" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.13", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/665b4c6648bf2b91f69b33817f4321cf4c3cafe9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/665b4c6648bf2b91f69b33817f4321cf4c3cafe9" + }, + { + "url": "https://git.kernel.org/stable/c/b5bfc61f541d3f092b13dedcfe000d86eb8e133c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b5bfc61f541d3f092b13dedcfe000d86eb8e133c" + }, + { + "url": "https://git.kernel.org/stable/c/f715f31559b82e3f75ce047fa476de63d8107584", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f715f31559b82e3f75ce047fa476de63d8107584" + }, + { + "url": "https://git.kernel.org/stable/c/6a14828caddad0d989495a72af678adf60992704", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6a14828caddad0d989495a72af678adf60992704" + }, + { + "url": "https://git.kernel.org/stable/c/1bea037a1abb23a6729bef36a2265a4565f5ea77", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1bea037a1abb23a6729bef36a2265a4565f5ea77" + }, + { + "url": "https://git.kernel.org/stable/c/6e50eb4b1807017f6c2d5089064256ce2de8aef1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6e50eb4b1807017f6c2d5089064256ce2de8aef1" + }, + { + "url": "https://git.kernel.org/stable/c/19ba6c8af9382c4c05dc6a0a79af3013b9a35cd0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/19ba6c8af9382c4c05dc6a0a79af3013b9a35cd0" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49803.json b/2022/49xxx/CVE-2022-49803.json index c4437d6faa8..f36f34ec7af 100644 --- a/2022/49xxx/CVE-2022-49803.json +++ b/2022/49xxx/CVE-2022-49803.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: Fix memory leak of nsim_dev->fa_cookie\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff8881bac872d0 (size 8):\n comm \"sh\", pid 58603, jiffies 4481524462 (age 68.065s)\n hex dump (first 8 bytes):\n 04 00 00 00 de ad be ef ........\n backtrace:\n [<00000000c80b8577>] __kmalloc+0x49/0x150\n [<000000005292b8c6>] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim]\n [<0000000093d78e77>] full_proxy_write+0xf3/0x180\n [<000000005a662c16>] vfs_write+0x1c5/0xaf0\n [<000000007aabf84a>] ksys_write+0xed/0x1c0\n [<000000005f1d2e47>] do_syscall_64+0x3b/0x90\n [<000000006001c6ec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe issue occurs in the following scenarios:\n\nnsim_dev_trap_fa_cookie_write()\n kmalloc() fa_cookie\n nsim_dev->fa_cookie = fa_cookie\n..\nnsim_drv_remove()\n\nThe fa_cookie allocked in nsim_dev_trap_fa_cookie_write() is not freed. To\nfix, add kfree(nsim_dev->fa_cookie) to nsim_drv_remove()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d3cbb907ae57fe5da314b51d949b617b538bdeae", + "version_value": "207edad5717e0a5709ce8467f0eff41c607835c9" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.7", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/207edad5717e0a5709ce8467f0eff41c607835c9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/207edad5717e0a5709ce8467f0eff41c607835c9" + }, + { + "url": "https://git.kernel.org/stable/c/064bc7312bd09a48798418663090be0c776183db", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/064bc7312bd09a48798418663090be0c776183db" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49804.json b/2022/49xxx/CVE-2022-49804.json index 17f8a36fa23..f2e42c365ab 100644 --- a/2022/49xxx/CVE-2022-49804.json +++ b/2022/49xxx/CVE-2022-49804.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390: avoid using global register for current_stack_pointer\n\nCommit 30de14b1884b (\"s390: current_stack_pointer shouldn't be a\nfunction\") made current_stack_pointer a global register variable like\non many other architectures. Unfortunately on s390 it uncovers old\ngcc bug which is fixed only since gcc-9.1 [gcc commit 3ad7fed1cc87\n(\"S/390: Fix PR89775. Stackpointer save/restore instructions removed\")]\nand backported to gcc-8.4 and later. Due to this bug gcc versions prior\nto 8.4 generate broken code which leads to stack corruptions.\n\nCurrent minimal gcc version required to build the kernel is declared\nas 5.1. It is not possible to fix all old gcc versions, so work\naround this problem by avoiding using global register variable for\ncurrent_stack_pointer." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "30de14b1884ba609fc1acfba5b40309e3a6ccefe", + "version_value": "a478952a8ac44e32316dc046a063a7dc34825aa6" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.18", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.18", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/a478952a8ac44e32316dc046a063a7dc34825aa6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a478952a8ac44e32316dc046a063a7dc34825aa6" + }, + { + "url": "https://git.kernel.org/stable/c/e3c11025bcd2142a61abe5806b2f86a0e78118df", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e3c11025bcd2142a61abe5806b2f86a0e78118df" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49805.json b/2022/49xxx/CVE-2022-49805.json index ff371137a16..bf15a812021 100644 --- a/2022/49xxx/CVE-2022-49805.json +++ b/2022/49xxx/CVE-2022-49805.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan966x: Fix potential null-ptr-deref in lan966x_stats_init()\n\nlan966x_stats_init() calls create_singlethread_workqueue() and not\nchecked the ret value, which may return NULL. And a null-ptr-deref may\nhappen:\n\nlan966x_stats_init()\n create_singlethread_workqueue() # failed, lan966x->stats_queue is NULL\n queue_delayed_work()\n queue_delayed_work_on()\n __queue_delayed_work() # warning here, but continue\n __queue_work() # access wq->flags, null-ptr-deref\n\nCheck the ret value and return -ENOMEM if it is NULL." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12c2d0a5b8e2a1afc8c7738e19a0d1dd7f3d4007", + "version_value": "4a43c1c6040e848e1344c7b16ac696b68fbc439c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.17", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.17", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4a43c1c6040e848e1344c7b16ac696b68fbc439c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4a43c1c6040e848e1344c7b16ac696b68fbc439c" + }, + { + "url": "https://git.kernel.org/stable/c/ba86af3733aece88dbcee0dfebf7e2dcfefb2be4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ba86af3733aece88dbcee0dfebf7e2dcfefb2be4" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49806.json b/2022/49xxx/CVE-2022-49806.json index d464a3475e6..dc1897aa99b 100644 --- a/2022/49xxx/CVE-2022-49806.json +++ b/2022/49xxx/CVE-2022-49806.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()\n\nsparx_stats_init() calls create_singlethread_workqueue() and not\nchecked the ret value, which may return NULL. And a null-ptr-deref may\nhappen:\n\nsparx_stats_init()\n create_singlethread_workqueue() # failed, sparx5->stats_queue is NULL\n queue_delayed_work()\n queue_delayed_work_on()\n __queue_delayed_work() # warning here, but continue\n __queue_work() # access wq->flags, null-ptr-deref\n\nCheck the ret value and return -ENOMEM if it is NULL. So as\nsparx5_start()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "b37a1bae742f92cc9b1f777d54e04ee3d86bbfc2", + "version_value": "80e590aeb132887102c3fa79d99b338f099dc952" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.14", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.14", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/80e590aeb132887102c3fa79d99b338f099dc952", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/80e590aeb132887102c3fa79d99b338f099dc952" + }, + { + "url": "https://git.kernel.org/stable/c/456327e565dc49d18b2f595f39f47df8a36f1057", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/456327e565dc49d18b2f595f39f47df8a36f1057" + }, + { + "url": "https://git.kernel.org/stable/c/639f5d006e36bb303f525d9479448c412b720c39", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/639f5d006e36bb303f525d9479448c412b720c39" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49807.json b/2022/49xxx/CVE-2022-49807.json index c2d632c3025..719116d8567 100644 --- a/2022/49xxx/CVE-2022-49807.json +++ b/2022/49xxx/CVE-2022-49807.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a memory leak in nvmet_auth_set_key\n\nWhen changing dhchap secrets we need to release the old\nsecrets as well.\n\nkmemleak complaint:\n--\nunreferenced object 0xffff8c7f44ed8180 (size 64):\n comm \"check\", pid 7304, jiffies 4295686133 (age 72034.246s)\n hex dump (first 32 bytes):\n 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq\n 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8\n backtrace:\n [<00000000b6fc5071>] kstrdup+0x2e/0x60\n [<00000000f0f4633f>] 0xffffffffc0e07ee6\n [<0000000053006c05>] 0xffffffffc0dff783\n [<00000000419ae922>] configfs_write_iter+0xb1/0x120\n [<000000008183c424>] vfs_write+0x2be/0x3c0\n [<000000009005a2a5>] ksys_write+0x5f/0xe0\n [<00000000cd495c89>] do_syscall_64+0x38/0x90\n [<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "db1312dd95488b5e6ff362ff66fcf953a46b1821", + "version_value": "65710ea51d4a185592c7b14c9e33d0c4a364f074" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.0", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.0", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/65710ea51d4a185592c7b14c9e33d0c4a364f074", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/65710ea51d4a185592c7b14c9e33d0c4a364f074" + }, + { + "url": "https://git.kernel.org/stable/c/0a52566279b4ee65ecd2503d7b7342851f84755c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a52566279b4ee65ecd2503d7b7342851f84755c" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49808.json b/2022/49xxx/CVE-2022-49808.json index 6d463b766ad..d5fb5059608 100644 --- a/2022/49xxx/CVE-2022-49808.json +++ b/2022/49xxx/CVE-2022-49808.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: don't leak tagger-owned storage on switch driver unbind\n\nIn the initial commit dc452a471dba (\"net: dsa: introduce tagger-owned\nstorage for private and shared data\"), we had a call to\ntag_ops->disconnect(dst) issued from dsa_tree_free(), which is called at\ntree teardown time.\n\nThere were problems with connecting to a switch tree as a whole, so this\ngot reworked to connecting to individual switches within the tree. In\nthis process, tag_ops->disconnect(ds) was made to be called only from\nswitch.c (cross-chip notifiers emitted as a result of dynamic tag proto\nchanges), but the normal driver teardown code path wasn't replaced with\nanything.\n\nSolve this problem by adding a function that does the opposite of\ndsa_switch_setup_tag_protocol(), which is called from the equivalent\nspot in dsa_switch_teardown(). The positioning here also ensures that we\nwon't have any use-after-free in tagging protocol (*rcv) ops, since the\nteardown sequence is as follows:\n\ndsa_tree_teardown\n-> dsa_tree_teardown_master\n -> dsa_master_teardown\n -> unsets master->dsa_ptr, making no further packets match the\n ETH_P_XDSA packet type handler\n-> dsa_tree_teardown_ports\n -> dsa_port_teardown\n -> dsa_slave_destroy\n -> unregisters DSA net devices, there is even a synchronize_net()\n in unregister_netdevice_many()\n-> dsa_tree_teardown_switches\n -> dsa_switch_teardown\n -> dsa_switch_teardown_tag_protocol\n -> finally frees the tagger-owned storage" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7f2973149c22e7a6fee4c0c9fa6b8e4108e9c208", + "version_value": "5809fb03942dbac25144db5bebea84fa003ecaca" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.17", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.17", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5809fb03942dbac25144db5bebea84fa003ecaca", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5809fb03942dbac25144db5bebea84fa003ecaca" + }, + { + "url": "https://git.kernel.org/stable/c/4e0c19fcb8b5323716140fa82b79aa9f60e60407", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4e0c19fcb8b5323716140fa82b79aa9f60e60407" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49809.json b/2022/49xxx/CVE-2022-49809.json index 820dcad03db..a58308b18e9 100644 --- a/2022/49xxx/CVE-2022-49809.json +++ b/2022/49xxx/CVE-2022-49809.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix skb leak in x25_lapb_receive_frame()\n\nx25_lapb_receive_frame() using skb_copy() to get a private copy of\nskb, the new skb should be freed in the undersized/fragmented skb\nerror handling path. Otherwise there is a memory leak." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "cb101ed2c3c7c0224d16953fe77bfb9d6c2cb9df", + "version_value": "fda0ba7c84b46d10947c687320804b9de149a921" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.1", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/fda0ba7c84b46d10947c687320804b9de149a921", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fda0ba7c84b46d10947c687320804b9de149a921" + }, + { + "url": "https://git.kernel.org/stable/c/dfcfbe4f2e4b2c81cff4e79b48502d97fda73118", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/dfcfbe4f2e4b2c81cff4e79b48502d97fda73118" + }, + { + "url": "https://git.kernel.org/stable/c/0ef17d966445358a55c5f4ccf2c73cca3e39192b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0ef17d966445358a55c5f4ccf2c73cca3e39192b" + }, + { + "url": "https://git.kernel.org/stable/c/e109b41870db995cae25dfaf0cc3922f9028b1a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e109b41870db995cae25dfaf0cc3922f9028b1a1" + }, + { + "url": "https://git.kernel.org/stable/c/9f00da9c866d506998bf0a3f699ec900730472da", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9f00da9c866d506998bf0a3f699ec900730472da" + }, + { + "url": "https://git.kernel.org/stable/c/c8baf1fc248b2e88642f094fea9509a9bf98c5bb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c8baf1fc248b2e88642f094fea9509a9bf98c5bb" + }, + { + "url": "https://git.kernel.org/stable/c/2d675be16a461310d738d93f9f1a00da62055c5a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2d675be16a461310d738d93f9f1a00da62055c5a" + }, + { + "url": "https://git.kernel.org/stable/c/2929cceb2fcf0ded7182562e4888afafece82cce", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2929cceb2fcf0ded7182562e4888afafece82cce" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49810.json b/2022/49xxx/CVE-2022-49810.json index 83f4b450321..452d100b364 100644 --- a/2022/49xxx/CVE-2022-49810.json +++ b/2022/49xxx/CVE-2022-49810.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix missing xas_retry() calls in xarray iteration\n\nnetfslib has a number of places in which it performs iteration of an xarray\nwhilst being under the RCU read lock. It *should* call xas_retry() as the\nfirst thing inside of the loop and do \"continue\" if it returns true in case\nthe xarray walker passed out a special value indicating that the walk needs\nto be redone from the root[*].\n\nFix this by adding the missing retry checks.\n\n[*] I wonder if this should be done inside xas_find(), xas_next_node() and\n suchlike, but I'm told that's not an simple change to effect.\n\nThis can cause an oops like that below. Note the faulting address - this\nis an internal value (|0x2) returned from xarray.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000402\n...\nRIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]\n...\nCall Trace:\n netfs_rreq_assess+0xa6/0x240 [netfs]\n netfs_readpage+0x173/0x3b0 [netfs]\n ? init_wait_var_entry+0x50/0x50\n filemap_read_page+0x33/0xf0\n filemap_get_pages+0x2f2/0x3f0\n filemap_read+0xaa/0x320\n ? do_filp_open+0xb2/0x150\n ? rmqueue+0x3be/0xe10\n ceph_read_iter+0x1fe/0x680 [ceph]\n ? new_sync_read+0x115/0x1a0\n new_sync_read+0x115/0x1a0\n vfs_read+0xf3/0x180\n ksys_read+0x5f/0xe0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nChanges:\n========\nver #2)\n - Changed an unsigned int to a size_t to reduce the likelihood of an\n overflow as per Willy's suggestion.\n - Added an additional patch to fix the maths." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3d3c95046742e4eebaa4b891b0b01cbbed94ebbd", + "version_value": "b2cc07a76f1eb12de3b22caf5fdbf856a7bef16d" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.13", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b2cc07a76f1eb12de3b22caf5fdbf856a7bef16d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b2cc07a76f1eb12de3b22caf5fdbf856a7bef16d" + }, + { + "url": "https://git.kernel.org/stable/c/7e043a80b5dae5c2d2cf84031501de7827fd6c00", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7e043a80b5dae5c2d2cf84031501de7827fd6c00" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49811.json b/2022/49xxx/CVE-2022-49811.json index a8711a688d5..5cc965a01cc 100644 --- a/2022/49xxx/CVE-2022-49811.json +++ b/2022/49xxx/CVE-2022-49811.json @@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49811", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: use after free in drbd_create_device()\n\nThe drbd_destroy_connection() frees the \"connection\" so use the _safe()\niterator to prevent a use after free." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "b6f85ef9538b2111a8ba0bbfae9aaebabfc94961", + "version_value": "fc1897f16ebcfd22364f2afcc27f53a740f3bc7a" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.15", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.15", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/fc1897f16ebcfd22364f2afcc27f53a740f3bc7a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fc1897f16ebcfd22364f2afcc27f53a740f3bc7a" + }, + { + "url": "https://git.kernel.org/stable/c/bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1" + }, + { + "url": "https://git.kernel.org/stable/c/813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5" + }, + { + "url": "https://git.kernel.org/stable/c/9ed51414aef6e59e832e2960f10766dce2d5b1a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9ed51414aef6e59e832e2960f10766dce2d5b1a1" + }, + { + "url": "https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025" + }, + { + "url": "https://git.kernel.org/stable/c/c2a00b149836d60c222930bbea6b2139caf34d4f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c2a00b149836d60c222930bbea6b2139caf34d4f" + }, + { + "url": "https://git.kernel.org/stable/c/a7a1598189228b5007369a9622ccdf587be0730f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a7a1598189228b5007369a9622ccdf587be0730f" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49812.json b/2022/49xxx/CVE-2022-49812.json index 901d47b4929..00ab0ee446a 100644 --- a/2022/49xxx/CVE-2022-49812.json +++ b/2022/49xxx/CVE-2022-49812.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: switchdev: Fix memory leaks when changing VLAN protocol\n\nThe bridge driver can offload VLANs to the underlying hardware either\nvia switchdev or the 8021q driver. When the former is used, the VLAN is\nmarked in the bridge driver with the 'BR_VLFLAG_ADDED_BY_SWITCHDEV'\nprivate flag.\n\nTo avoid the memory leaks mentioned in the cited commit, the bridge\ndriver will try to delete a VLAN via the 8021q driver if the VLAN is not\nmarked with the previously mentioned flag.\n\nWhen the VLAN protocol of the bridge changes, switchdev drivers are\nnotified via the 'SWITCHDEV_ATTR_ID_BRIDGE_VLAN_PROTOCOL' attribute, but\nthe 8021q driver is also called to add the existing VLANs with the new\nprotocol and delete them with the old protocol.\n\nIn case the VLANs were offloaded via switchdev, the above behavior is\nboth redundant and buggy. Redundant because the VLANs are already\nprogrammed in hardware and drivers that support VLAN protocol change\n(currently only mlx5) change the protocol upon the switchdev attribute\nnotification. Buggy because the 8021q driver is called despite these\nVLANs being marked with 'BR_VLFLAG_ADDED_BY_SWITCHDEV'. This leads to\nmemory leaks [1] when the VLANs are deleted.\n\nFix by not calling the 8021q driver for VLANs that were already\nprogrammed via switchdev.\n\n[1]\nunreferenced object 0xffff8881f6771200 (size 256):\n comm \"ip\", pid 446855, jiffies 4298238841 (age 55.240s)\n hex dump (first 32 bytes):\n 00 00 7f 0e 83 88 ff ff 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000012819ac>] vlan_vid_add+0x437/0x750\n [<00000000f2281fad>] __br_vlan_set_proto+0x289/0x920\n [<000000000632b56f>] br_changelink+0x3d6/0x13f0\n [<0000000089d25f04>] __rtnl_newlink+0x8ae/0x14c0\n [<00000000f6276baf>] rtnl_newlink+0x5f/0x90\n [<00000000746dc902>] rtnetlink_rcv_msg+0x336/0xa00\n [<000000001c2241c0>] netlink_rcv_skb+0x11d/0x340\n [<0000000010588814>] netlink_unicast+0x438/0x710\n [<00000000e1a4cd5c>] netlink_sendmsg+0x788/0xc40\n [<00000000e8992d4e>] sock_sendmsg+0xb0/0xe0\n [<00000000621b8f91>] ____sys_sendmsg+0x4ff/0x6d0\n [<000000000ea26996>] ___sys_sendmsg+0x12e/0x1b0\n [<00000000684f7e25>] __sys_sendmsg+0xab/0x130\n [<000000004538b104>] do_syscall_64+0x3d/0x90\n [<0000000091ed9678>] entry_SYSCALL_64_after_hwframe+0x46/0xb0" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "279737939a8194f02fa352ab4476a1b241f44ef4", + "version_value": "347f1793b573466424c550f2748ed837b6690fe7" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.0", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.0", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.157", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/347f1793b573466424c550f2748ed837b6690fe7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/347f1793b573466424c550f2748ed837b6690fe7" + }, + { + "url": "https://git.kernel.org/stable/c/fc16a2c81a3eb1cbba8775f5bdc67856df903a7c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fc16a2c81a3eb1cbba8775f5bdc67856df903a7c" + }, + { + "url": "https://git.kernel.org/stable/c/f8926e2d2225eb7b7e11cd3fa266aaad9075b767", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f8926e2d2225eb7b7e11cd3fa266aaad9075b767" + }, + { + "url": "https://git.kernel.org/stable/c/9d45921ee4cb364910097e7d1b7558559c2f9fd2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9d45921ee4cb364910097e7d1b7558559c2f9fd2" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49813.json b/2022/49xxx/CVE-2022-49813.json index b6aadc72991..8c5e32c6a0c 100644 --- a/2022/49xxx/CVE-2022-49813.json +++ b/2022/49xxx/CVE-2022-49813.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Fix error handling in ena_init()\n\nThe ena_init() won't destroy workqueue created by\ncreate_singlethread_workqueue() when pci_register_driver() failed.\nCall destroy_workqueue() when pci_register_driver() failed to prevent the\nresource leak." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1738cd3ed342294360d6a74d4e58800004bff854", + "version_value": "6b23a4b252044e4fd23438930d452244818d7000" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.9", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.9", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/6b23a4b252044e4fd23438930d452244818d7000", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6b23a4b252044e4fd23438930d452244818d7000" + }, + { + "url": "https://git.kernel.org/stable/c/3f7b2ef8fe924e299bc339811ea3f1b9935c040f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3f7b2ef8fe924e299bc339811ea3f1b9935c040f" + }, + { + "url": "https://git.kernel.org/stable/c/0e2369223b174d198ec42a3ec0a7f06c8727b968", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0e2369223b174d198ec42a3ec0a7f06c8727b968" + }, + { + "url": "https://git.kernel.org/stable/c/d349e9be5a2c2d7588a2c4e4bfa0bb3dc1226769", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d349e9be5a2c2d7588a2c4e4bfa0bb3dc1226769" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49814.json b/2022/49xxx/CVE-2022-49814.json index afa1055da14..0f807f04f34 100644 --- a/2022/49xxx/CVE-2022-49814.json +++ b/2022/49xxx/CVE-2022-49814.json @@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49814", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: close race conditions on sk_receive_queue\n\nsk->sk_receive_queue is protected by skb queue lock, but for KCM\nsockets its RX path takes mux->rx_lock to protect more than just\nskb queue. However, kcm_recvmsg() still only grabs the skb queue\nlock, so race conditions still exist.\n\nWe can teach kcm_recvmsg() to grab mux->rx_lock too but this would\nintroduce a potential performance regression as struct kcm_mux can\nbe shared by multiple KCM sockets.\n\nSo we have to enforce skb queue lock in requeue_rx_msgs() and handle\nskb peek case carefully in kcm_wait_data(). Fortunately,\nskb_recv_datagram() already handles it nicely and is widely used by\nother sockets, we can just switch to skb_recv_datagram() after\ngetting rid of the unnecessary sock lock in kcm_recvmsg() and\nkcm_splice_read(). Side note: SOCK_DONE is not used by KCM sockets,\nso it is safe to get rid of this check too.\n\nI ran the original syzbot reproducer for 30 min without seeing any\nissue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3", + "version_value": "22f6b5d47396b4287662668ee3f5c1f766cb4259" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.6", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/22f6b5d47396b4287662668ee3f5c1f766cb4259", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/22f6b5d47396b4287662668ee3f5c1f766cb4259" + }, + { + "url": "https://git.kernel.org/stable/c/d9ad4de92e184b19bcae4da10dac0275abf83931", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d9ad4de92e184b19bcae4da10dac0275abf83931" + }, + { + "url": "https://git.kernel.org/stable/c/ce57d6474ae999a3b2d442314087473a646a65c7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ce57d6474ae999a3b2d442314087473a646a65c7" + }, + { + "url": "https://git.kernel.org/stable/c/4154b6afa2bd639214ff259d912faad984f7413a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4154b6afa2bd639214ff259d912faad984f7413a" + }, + { + "url": "https://git.kernel.org/stable/c/f7b0e95071bb4be4b811af3f0bfc3e200eedeaa3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f7b0e95071bb4be4b811af3f0bfc3e200eedeaa3" + }, + { + "url": "https://git.kernel.org/stable/c/bf92e54597d842da127c59833b365d6faeeaf020", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bf92e54597d842da127c59833b365d6faeeaf020" + }, + { + "url": "https://git.kernel.org/stable/c/5121197ecc5db58c07da95eb1ff82b98b121a221", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5121197ecc5db58c07da95eb1ff82b98b121a221" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49815.json b/2022/49xxx/CVE-2022-49815.json index 75958f6dadb..bc004e711b1 100644 --- a/2022/49xxx/CVE-2022-49815.json +++ b/2022/49xxx/CVE-2022-49815.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49815", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix missing xas_retry() in fscache mode\n\nThe xarray iteration only holds the RCU read lock and thus may encounter\nXA_RETRY_ENTRY if there's process modifying the xarray concurrently.\nThis will cause oops when referring to the invalid entry.\n\nFix this by adding the missing xas_retry(), which will make the\niteration wind back to the root node if XA_RETRY_ENTRY is encountered." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d435d53228dd039fffecae123b8c138af6f96f99", + "version_value": "dbc98fe99e17ed18f2f272d5fe880d844b1c68c3" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/dbc98fe99e17ed18f2f272d5fe880d844b1c68c3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/dbc98fe99e17ed18f2f272d5fe880d844b1c68c3" + }, + { + "url": "https://git.kernel.org/stable/c/37020bbb71d911431e16c2c940b97cf86ae4f2f6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/37020bbb71d911431e16c2c940b97cf86ae4f2f6" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49816.json b/2022/49xxx/CVE-2022-49816.json index ce7cbdf3b73..56e85e1548b 100644 --- a/2022/49xxx/CVE-2022-49816.json +++ b/2022/49xxx/CVE-2022-49816.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49816", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/pcpu: fix possible memory leak in register_pcpu()\n\nIn device_add(), dev_set_name() is called to allocate name, if it returns\nerror, the name need be freed. As comment of device_register() says, it\nshould use put_device() to give up the reference in the error path. So fix\nthis by calling put_device(), then the name can be freed in kobject_cleanup()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "f65c9bb3fb725551d3e405f4d092caf24929cebe", + "version_value": "ccb22c876e8e7f62377e749c971907efe65d34c2" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.6", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ccb22c876e8e7f62377e749c971907efe65d34c2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ccb22c876e8e7f62377e749c971907efe65d34c2" + }, + { + "url": "https://git.kernel.org/stable/c/7ed540bcee2e24479524b9705cc7462b2652f944", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7ed540bcee2e24479524b9705cc7462b2652f944" + }, + { + "url": "https://git.kernel.org/stable/c/6209a85079a035b5c2279b15b197531156b549fa", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6209a85079a035b5c2279b15b197531156b549fa" + }, + { + "url": "https://git.kernel.org/stable/c/0199bf0a8f74509736744c9e36f4473a5892a09d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0199bf0a8f74509736744c9e36f4473a5892a09d" + }, + { + "url": "https://git.kernel.org/stable/c/bb9924a6edd9d4a9ef83a5f337af60f8a7a68f98", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bb9924a6edd9d4a9ef83a5f337af60f8a7a68f98" + }, + { + "url": "https://git.kernel.org/stable/c/c08c13cb13fa3866dd0700db3b246fcd2043ab81", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c08c13cb13fa3866dd0700db3b246fcd2043ab81" + }, + { + "url": "https://git.kernel.org/stable/c/e948f3c129d78537ded70bcc99c31f0b45f05dd7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e948f3c129d78537ded70bcc99c31f0b45f05dd7" + }, + { + "url": "https://git.kernel.org/stable/c/da36a2a76b01b210ffaa55cdc2c99bc8783697c5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/da36a2a76b01b210ffaa55cdc2c99bc8783697c5" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49817.json b/2022/49xxx/CVE-2022-49817.json index f04f3849a42..3b096d489a5 100644 --- a/2022/49xxx/CVE-2022-49817.json +++ b/2022/49xxx/CVE-2022-49817.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49817", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mhi: Fix memory leak in mhi_net_dellink()\n\nMHI driver registers network device without setting the\nneeds_free_netdev flag, and does NOT call free_netdev() when\nunregisters network device, which causes a memory leak.\n\nThis patch calls free_netdev() to fix it since netdev_priv\nis used after unregister." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13adac032982c61bb590669e8e87e51558917ca1", + "version_value": "88da008e5e2f9753726ea5a51ef2eb144e9de927" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.14", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.14", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927" + }, + { + "url": "https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff" + }, + { + "url": "https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49818.json b/2022/49xxx/CVE-2022-49818.json index 00daeccd83e..07647a072c2 100644 --- a/2022/49xxx/CVE-2022-49818.json +++ b/2022/49xxx/CVE-2022-49818.json @@ -1,18 +1,172 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49818", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix misuse of put_device() in mISDN_register_device()\n\nWe should not release reference by put_device() before calling device_initialize()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d1d1aede313eb2b9a84afd60ff6cfb7c33631e0e", + "version_value": "44658d65f6b3118f595a1229d7eed74845a5e2ac" + }, + { + "version_affected": "<", + "version_name": "080aabfb29b2ee9cbb8894a1d039651943d3773e", + "version_value": "81db4f182744acd004f17d7cc52dde9ea53467e6" + }, + { + "version_affected": "<", + "version_name": "a636fc5a7cabd05699b5692ad838c2c7a3abec7b", + "version_value": "d40b35a7922f4df3767ad6fb8ef3dc86e31d7ba3" + }, + { + "version_affected": "<", + "version_name": "2ff6b669523d3b3d253a044fa9636a67d0694995", + "version_value": "83672c1b83d107b0d4fe0accf1bf64d8988398e6" + }, + { + "version_affected": "<", + "version_name": "e77d213843e67b4373285712699b692f9c743f61", + "version_value": "709aa1f73d3e9e9ea16e2c4e44f2874c5d2c382c" + }, + { + "version_affected": "<", + "version_name": "029d5b7688a2f3a86f2a3be5a6ba9cc968c80e41", + "version_value": "596230471da3415e92ae6b9d2a4e26f4a81cac5a" + }, + { + "version_affected": "<", + "version_name": "0d4e91efcaee081e919b3c50e875ecbb84290e41", + "version_value": "87b336aa158201dc30a318431e63e8c5b26c4156" + }, + { + "version_affected": "<", + "version_name": "e7d1d4d9ac0dfa40be4c2c8abd0731659869b297", + "version_value": "2d25107e111a85c56f601a5470f1780ec054e6ac" + }, + { + "version_affected": "<", + "version_name": "4.9.333", + "version_value": "4.9.334" + }, + { + "version_affected": "<", + "version_name": "4.14.299", + "version_value": "4.14.300" + }, + { + "version_affected": "<", + "version_name": "4.19.265", + "version_value": "4.19.267" + }, + { + "version_affected": "<", + "version_name": "5.4.224", + "version_value": "5.4.225" + }, + { + "version_affected": "<", + "version_name": "5.10.154", + "version_value": "5.10.156" + }, + { + "version_affected": "<", + "version_name": "5.15.78", + "version_value": "5.15.80" + }, + { + "version_affected": "<", + "version_name": "6.0.8", + "version_value": "6.0.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/44658d65f6b3118f595a1229d7eed74845a5e2ac", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/44658d65f6b3118f595a1229d7eed74845a5e2ac" + }, + { + "url": "https://git.kernel.org/stable/c/81db4f182744acd004f17d7cc52dde9ea53467e6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/81db4f182744acd004f17d7cc52dde9ea53467e6" + }, + { + "url": "https://git.kernel.org/stable/c/d40b35a7922f4df3767ad6fb8ef3dc86e31d7ba3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d40b35a7922f4df3767ad6fb8ef3dc86e31d7ba3" + }, + { + "url": "https://git.kernel.org/stable/c/83672c1b83d107b0d4fe0accf1bf64d8988398e6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/83672c1b83d107b0d4fe0accf1bf64d8988398e6" + }, + { + "url": "https://git.kernel.org/stable/c/709aa1f73d3e9e9ea16e2c4e44f2874c5d2c382c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/709aa1f73d3e9e9ea16e2c4e44f2874c5d2c382c" + }, + { + "url": "https://git.kernel.org/stable/c/596230471da3415e92ae6b9d2a4e26f4a81cac5a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/596230471da3415e92ae6b9d2a4e26f4a81cac5a" + }, + { + "url": "https://git.kernel.org/stable/c/87b336aa158201dc30a318431e63e8c5b26c4156", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/87b336aa158201dc30a318431e63e8c5b26c4156" + }, + { + "url": "https://git.kernel.org/stable/c/2d25107e111a85c56f601a5470f1780ec054e6ac", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2d25107e111a85c56f601a5470f1780ec054e6ac" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49819.json b/2022/49xxx/CVE-2022-49819.json index bc7609088fd..4425f24f324 100644 --- a/2022/49xxx/CVE-2022-49819.json +++ b/2022/49xxx/CVE-2022-49819.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49819", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: fix potential memory leak in octep_device_setup()\n\nWhen occur unsupported_dev and mbox init errors, it did not free oct->conf\nand iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem.\nAdd kfree() for oct->conf and iounmap() for oct->mmio[i].hw_addr under\nunsupported_dev and mbox init errors to fix the problem." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "862cd659a6fbac664f1fcdd7149046040a7a7e9c", + "version_value": "67b65a0db8a7fdad43159819f41335497a4bb04f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/67b65a0db8a7fdad43159819f41335497a4bb04f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/67b65a0db8a7fdad43159819f41335497a4bb04f" + }, + { + "url": "https://git.kernel.org/stable/c/e4041be97b15302ebfffda8bbd45f3b2d096048f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e4041be97b15302ebfffda8bbd45f3b2d096048f" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49820.json b/2022/49xxx/CVE-2022-49820.json index 8043b259cbc..880f4e00a4a 100644 --- a/2022/49xxx/CVE-2022-49820.json +++ b/2022/49xxx/CVE-2022-49820.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp i2c: don't count unused / invalid keys for flow release\n\nWe're currently hitting the WARN_ON in mctp_i2c_flow_release:\n\n if (midev->release_count > midev->i2c_lock_count) {\n WARN_ONCE(1, \"release count overflow\");\n\nThis may be hit if we expire a flow before sending the first packet it\ncontains - as we will not be pairing the increment of release_count\n(performed on flow release) with the i2c lock operation (only\nperformed on actual TX).\n\nTo fix this, only release a flow if we've encountered it previously (ie,\ndev_flow_state does not indicate NEW), as we will mark the flow as\nACTIVE at the same time as accounting for the i2c lock operation. We\nalso need to add an INVALID flow state, to indicate when we've done the\nrelease." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "f5b8abf9fc3dacd7529d363e26fe8230935d65f8", + "version_value": "a5915a9a3ab4067ef8996a57738d156eabeb3a12" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.18", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.18", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/a5915a9a3ab4067ef8996a57738d156eabeb3a12", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a5915a9a3ab4067ef8996a57738d156eabeb3a12" + }, + { + "url": "https://git.kernel.org/stable/c/9cbd48d5fa14e4c65f8580de16686077f7cea02b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9cbd48d5fa14e4c65f8580de16686077f7cea02b" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49821.json b/2022/49xxx/CVE-2022-49821.json index c120c478ef9..3f5cf3c088b 100644 --- a/2022/49xxx/CVE-2022-49821.json +++ b/2022/49xxx/CVE-2022-49821.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_dsp_element_register()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device's\nbus_id string array\"), the name of device is allocated dynamically,\nuse put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nThe 'entry' is going to be freed in mISDN_dsp_dev_release(), so the\nkfree() is removed. list_del() is called in mISDN_dsp_dev_release(),\nso it need be initialized." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1fa5ae857bb14f6046205171d98506d8112dd74e", + "version_value": "bbd53d05c4c892080ef3b617eff4f57903acecb9" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.30", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.30", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/bbd53d05c4c892080ef3b617eff4f57903acecb9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bbd53d05c4c892080ef3b617eff4f57903acecb9" + }, + { + "url": "https://git.kernel.org/stable/c/b119bedbefb7dd9ed8bf8cb9f1056504250d610e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b119bedbefb7dd9ed8bf8cb9f1056504250d610e" + }, + { + "url": "https://git.kernel.org/stable/c/727ed7d28348c026c7ef4d852f3d0e5054d376e8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/727ed7d28348c026c7ef4d852f3d0e5054d376e8" + }, + { + "url": "https://git.kernel.org/stable/c/0f2c681900a01e3f23789bca26d88268c3d5b51d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0f2c681900a01e3f23789bca26d88268c3d5b51d" + }, + { + "url": "https://git.kernel.org/stable/c/083a2c9ef82e184bdf0b9f9a1e5fc38d32afbb47", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/083a2c9ef82e184bdf0b9f9a1e5fc38d32afbb47" + }, + { + "url": "https://git.kernel.org/stable/c/7a05e3929668c8cfef495c69752a9e91fac4878f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7a05e3929668c8cfef495c69752a9e91fac4878f" + }, + { + "url": "https://git.kernel.org/stable/c/d4b8394725079670be309f9a35ad88a8cbbaaefd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d4b8394725079670be309f9a35ad88a8cbbaaefd" + }, + { + "url": "https://git.kernel.org/stable/c/98a2ac1ca8fd6eca6867726fe238d06e75eb1acd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/98a2ac1ca8fd6eca6867726fe238d06e75eb1acd" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49822.json b/2022/49xxx/CVE-2022-49822.json index 6f0979ddb9f..b04e3a6a3bb 100644 --- a/2022/49xxx/CVE-2022-49822.json +++ b/2022/49xxx/CVE-2022-49822.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49822", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix connections leak when tlink setup failed\n\nIf the tlink setup failed, lost to put the connections, then\nthe module refcnt leak since the cifsd kthread not exit.\n\nAlso leak the fscache info, and for next mount with fsc, it will\nprint the follow errors:\n CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)\n\nLet's check the result of tlink setup, and do some cleanup." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "56c762eb9bee330bb4e6d11c589434f2904d3ab6", + "version_value": "a9059e338fc000c0b87d8cf29e93c74fd703212e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.0", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.0", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.81", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/a9059e338fc000c0b87d8cf29e93c74fd703212e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a9059e338fc000c0b87d8cf29e93c74fd703212e" + }, + { + "url": "https://git.kernel.org/stable/c/0a087842d10b5daa123ee5291e386cdd78413705", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a087842d10b5daa123ee5291e386cdd78413705" + }, + { + "url": "https://git.kernel.org/stable/c/1dcdf5f5b2137185cbdd5385f29949ab3da4f00c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1dcdf5f5b2137185cbdd5385f29949ab3da4f00c" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49823.json b/2022/49xxx/CVE-2022-49823.json index 251894feed4..71866681078 100644 --- a/2022/49xxx/CVE-2022-49823.json +++ b/2022/49xxx/CVE-2022-49823.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49823", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tdev_add()\n\nIn ata_tdev_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x3a0\nlr : device_del+0x44/0x3a0\nCall trace:\n device_del+0x48/0x3a0\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tdev_delete+0x24/0x50 [libata]\n ata_tlink_delete+0x40/0xa0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tdev_add(). In the error path, device_del() is called to delete\nthe device which was added earlier in this function, and ata_tdev_free()\nis called to free ata_dev." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d9027470b88631d0956ac37cdadfdeb9cdcf2c99", + "version_value": "ef2ac07ab83163b9a53f45da20e14302591ad9cc" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.37", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.37", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ef2ac07ab83163b9a53f45da20e14302591ad9cc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ef2ac07ab83163b9a53f45da20e14302591ad9cc" + }, + { + "url": "https://git.kernel.org/stable/c/f23058dc2398db1d8faca9a2b1ce30b85cdd8b22", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f23058dc2398db1d8faca9a2b1ce30b85cdd8b22" + }, + { + "url": "https://git.kernel.org/stable/c/f54331962883f4fc4bf5e487e6e7cf07c4567fef", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f54331962883f4fc4bf5e487e6e7cf07c4567fef" + }, + { + "url": "https://git.kernel.org/stable/c/1ff36351309e3eadcff297480baf4785e726de9b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1ff36351309e3eadcff297480baf4785e726de9b" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49824.json b/2022/49xxx/CVE-2022-49824.json index f6891113b50..e72e6db05a9 100644 --- a/2022/49xxx/CVE-2022-49824.json +++ b/2022/49xxx/CVE-2022-49824.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49824", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tlink_add()\n\nIn ata_tlink_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tlink_delete+0x88/0xb0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tlink_add()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d9027470b88631d0956ac37cdadfdeb9cdcf2c99", + "version_value": "7377a14598f6b04446c54bc4a50cd249470d6c6f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.37", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.37", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/7377a14598f6b04446c54bc4a50cd249470d6c6f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7377a14598f6b04446c54bc4a50cd249470d6c6f" + }, + { + "url": "https://git.kernel.org/stable/c/67b219314628b90b3a314528e177335b0cd5c70b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/67b219314628b90b3a314528e177335b0cd5c70b" + }, + { + "url": "https://git.kernel.org/stable/c/d5234480ca822bdcf03fe4d6a590ddcb854558f7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d5234480ca822bdcf03fe4d6a590ddcb854558f7" + }, + { + "url": "https://git.kernel.org/stable/c/cf0816f6322c5c37ee52655f928e91ecf32da103", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cf0816f6322c5c37ee52655f928e91ecf32da103" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49825.json b/2022/49xxx/CVE-2022-49825.json index 0ef8a63e824..70294300793 100644 --- a/2022/49xxx/CVE-2022-49825.json +++ b/2022/49xxx/CVE-2022-49825.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49825", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tport_add()\n\nIn ata_tport_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tport_delete+0x34/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tport_add()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d9027470b88631d0956ac37cdadfdeb9cdcf2c99", + "version_value": "b5362dc1634d8b8d5f30920f33ac11a3276b7ed9" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.37", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.37", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b5362dc1634d8b8d5f30920f33ac11a3276b7ed9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b5362dc1634d8b8d5f30920f33ac11a3276b7ed9" + }, + { + "url": "https://git.kernel.org/stable/c/e7bb1b7a7bf26f6b7372b7b683daece4a42fda02", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e7bb1b7a7bf26f6b7372b7b683daece4a42fda02" + }, + { + "url": "https://git.kernel.org/stable/c/52d9bb0adae9359711a0c5271430afd3754069e7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/52d9bb0adae9359711a0c5271430afd3754069e7" + }, + { + "url": "https://git.kernel.org/stable/c/3613dbe3909dcc637fe6be00e4dc43b4aa0470ee", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3613dbe3909dcc637fe6be00e4dc43b4aa0470ee" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49826.json b/2022/49xxx/CVE-2022-49826.json index 86787062365..72e5cc76039 100644 --- a/2022/49xxx/CVE-2022-49826.json +++ b/2022/49xxx/CVE-2022-49826.json @@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49826", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix double ata_host_put() in ata_tport_add()\n\nIn the error path in ata_tport_add(), when calling put_device(),\nata_tport_release() is called, it will put the refcount of 'ap->host'.\n\nAnd then ata_host_put() is called again, the refcount is decreased\nto 0, ata_host_release() is called, all ports are freed and set to\nnull.\n\nWhen unbinding the device after failure, ata_host_stop() is called\nto release the resources, it leads a null-ptr-deref(), because all\nthe ports all freed and null.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ata_host_stop+0x3c/0x84 [libata]\nlr : release_nodes+0x64/0xd0\nCall trace:\n ata_host_stop+0x3c/0x84 [libata]\n release_nodes+0x64/0xd0\n devres_release_all+0xbc/0x1b0\n device_unbind_cleanup+0x20/0x70\n really_probe+0x158/0x320\n __driver_probe_device+0x84/0x120\n driver_probe_device+0x44/0x120\n __driver_attach+0xb4/0x220\n bus_for_each_dev+0x78/0xdc\n driver_attach+0x2c/0x40\n bus_add_driver+0x184/0x240\n driver_register+0x80/0x13c\n __pci_register_driver+0x4c/0x60\n ahci_pci_driver_init+0x30/0x1000 [ahci]\n\nFix this by removing redundant ata_host_put() in the error path." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2623c7a5f2799569d8bb05eb211da524a8144cb3", + "version_value": "30e12e2be27ac6c4be2af4163c70db381364706f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.17", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.17", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f" + }, + { + "url": "https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5" + }, + { + "url": "https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000" + }, + { + "url": "https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf" + }, + { + "url": "https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745" + }, + { + "url": "https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49827.json b/2022/49xxx/CVE-2022-49827.json index 6e4e0ce3337..ddfb528559f 100644 --- a/2022/49xxx/CVE-2022-49827.json +++ b/2022/49xxx/CVE-2022-49827.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()\n\ndrm_vblank_init() call drmm_add_action_or_reset() with\ndrm_vblank_init_release() as action. If __drmm_add_action() failed, will\ndirectly call drm_vblank_init_release() with the vblank whose worker is\nNULL. As the resule, a null-ptr-deref will happen in\nkthread_destroy_worker(). Add the NULL check before calling\ndrm_vblank_destroy_worker().\n\nBUG: null-ptr-deref\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty\nRIP: 0010:kthread_destroy_worker+0x25/0xb0\n Call Trace:\n \n drm_vblank_init_release+0x124/0x220 [drm]\n ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm]\n __drmm_add_action_or_reset+0x41/0x50 [drm]\n drm_vblank_init+0x282/0x310 [drm]\n vkms_init+0x35f/0x1000 [vkms]\n ? 0xffffffffc4508000\n ? lock_is_held_type+0xd7/0x130\n ? __kmem_cache_alloc_node+0x1c2/0x2b0\n ? lock_is_held_type+0xd7/0x130\n ? 0xffffffffc4508000\n do_one_initcall+0xd0/0x4f0\n ...\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5e6c2b4f916157e8f10d093d43e88b2a250d1774", + "version_value": "1d160dfb3fdf11ba9447e862c548447f91f4e74a" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.9", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.9", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/1d160dfb3fdf11ba9447e862c548447f91f4e74a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1d160dfb3fdf11ba9447e862c548447f91f4e74a" + }, + { + "url": "https://git.kernel.org/stable/c/e884a6c2d49a6c12761e5bed851e9fe93bd923a1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e884a6c2d49a6c12761e5bed851e9fe93bd923a1" + }, + { + "url": "https://git.kernel.org/stable/c/3acd2016421b2e628acad65495d15493bf7a3bc3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3acd2016421b2e628acad65495d15493bf7a3bc3" + }, + { + "url": "https://git.kernel.org/stable/c/4979524f5a2a8210e87fde2f642b0dc060860821", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4979524f5a2a8210e87fde2f642b0dc060860821" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49828.json b/2022/49xxx/CVE-2022-49828.json index 3cf44f428f3..e55fb2bc2a6 100644 --- a/2022/49xxx/CVE-2022-49828.json +++ b/2022/49xxx/CVE-2022-49828.json @@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlbfs: don't delete error page from pagecache\n\nThis change is very similar to the change that was made for shmem [1], and\nit solves the same problem but for HugeTLBFS instead.\n\nCurrently, when poison is found in a HugeTLB page, the page is removed\nfrom the page cache. That means that attempting to map or read that\nhugepage in the future will result in a new hugepage being allocated\ninstead of notifying the user that the page was poisoned. As [1] states,\nthis is effectively memory corruption.\n\nThe fix is to leave the page in the page cache. If the user attempts to\nuse a poisoned HugeTLB page with a syscall, the syscall will fail with\nEIO, the same error code that shmem uses. For attempts to map the page,\nthe thread will get a BUS_MCEERR_AR SIGBUS.\n\n[1]: commit a76054266661 (\"mm: shmem: don't truncate page if memory failure happens\")" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "30571f28bb35c826219971c63bcf60d2517112ed" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed" + }, + { + "url": "https://git.kernel.org/stable/c/ec667443b2dbc6cdbbac4073e51a17733158ec6a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ec667443b2dbc6cdbbac4073e51a17733158ec6a" + }, + { + "url": "https://git.kernel.org/stable/c/8625147cafaa9ba74713d682f5185eb62cb2aedb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8625147cafaa9ba74713d682f5185eb62cb2aedb" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49829.json b/2022/49xxx/CVE-2022-49829.json index 35000226dbc..df790aa12c8 100644 --- a/2022/49xxx/CVE-2022-49829.json +++ b/2022/49xxx/CVE-2022-49829.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49829", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: fix fence ref counting\n\nWe leaked dependency fences when processes were beeing killed.\n\nAdditional to that grab a reference to the last scheduled fence." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "e5f4b38362df93594cb426b04979d8834122f159" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e5f4b38362df93594cb426b04979d8834122f159", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e5f4b38362df93594cb426b04979d8834122f159" + }, + { + "url": "https://git.kernel.org/stable/c/b3af84383e7abdc5e63435817bb73a268e7c3637", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b3af84383e7abdc5e63435817bb73a268e7c3637" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49830.json b/2022/49xxx/CVE-2022-49830.json index 52d35b05461..e2db4c42056 100644 --- a/2022/49xxx/CVE-2022-49830.json +++ b/2022/49xxx/CVE-2022-49830.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49830", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drv: Fix potential memory leak in drm_dev_init()\n\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won't be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won't be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\n\nunreferenced object 0xffff88810bc0c800 (size 2048):\n comm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\n hex dump (first 32 bytes):\n e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<.............\n backtrace:\n [<000000007251f72d>] __kmalloc+0x4b/0x1c0\n [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0\n [<000000004452a479>] platform_device_register_full+0x24/0x1c0\n [<0000000089f4ea61>] 0xffffffffa0736051\n [<00000000235b2441>] do_one_initcall+0x7a/0x380\n [<0000000001a4a177>] do_init_module+0x5c/0x230\n [<000000002bf8a8e2>] load_module+0x227d/0x2420\n [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140\n [<00000000c99fc324>] do_syscall_64+0x3f/0x90\n [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2cbf7fc6718b9443ecd6261308c6348d8ffcccae", + "version_value": "c47a823ea186263ab69cfb665327b7f72cb5e779" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.8", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.8", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/c47a823ea186263ab69cfb665327b7f72cb5e779", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c47a823ea186263ab69cfb665327b7f72cb5e779" + }, + { + "url": "https://git.kernel.org/stable/c/07e56de8766fe5be67252596244b84ac0ec0de91", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/07e56de8766fe5be67252596244b84ac0ec0de91" + }, + { + "url": "https://git.kernel.org/stable/c/bd8d1335e6e70a396094ef98913b513140c0b86b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bd8d1335e6e70a396094ef98913b513140c0b86b" + }, + { + "url": "https://git.kernel.org/stable/c/ff963634f7b2e0dc011349abb3fb81a0d074f443", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ff963634f7b2e0dc011349abb3fb81a0d074f443" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49831.json b/2022/49xxx/CVE-2022-49831.json index b197f4488e7..fcfd1009908 100644 --- a/2022/49xxx/CVE-2022-49831.json +++ b/2022/49xxx/CVE-2022-49831.json @@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49831", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: initialize device's zone info for seeding\n\nWhen performing seeding on a zoned filesystem it is necessary to\ninitialize each zoned device's btrfs_zoned_device_info structure,\notherwise mounting the filesystem will cause a NULL pointer dereference.\n\nThis was uncovered by fstests' testcase btrfs/163." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "91c38504e589dadbcde47b1cacdfc5b684154d44" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15.79", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.9", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/91c38504e589dadbcde47b1cacdfc5b684154d44", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/91c38504e589dadbcde47b1cacdfc5b684154d44" + }, + { + "url": "https://git.kernel.org/stable/c/544f38a738343d7e75f104e5e9d1ade58d8b71bd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/544f38a738343d7e75f104e5e9d1ade58d8b71bd" + }, + { + "url": "https://git.kernel.org/stable/c/a8d1b1647bf8244a5f270538e9e636e2657fffa3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a8d1b1647bf8244a5f270538e9e636e2657fffa3" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49832.json b/2022/49xxx/CVE-2022-49832.json index 795357913bd..2472cfd48ee 100644 --- a/2022/49xxx/CVE-2022-49832.json +++ b/2022/49xxx/CVE-2022-49832.json @@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map\n\nHere is the BUG report by KASAN about null pointer dereference:\n\nBUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50\nRead of size 1 at addr 0000000000000000 by task python3/2640\nCall Trace:\n strcmp\n __of_find_property\n of_find_property\n pinctrl_dt_to_map\n\nkasprintf() would return NULL pointer when kmalloc() fail to allocate.\nSo directly return ENOMEM, if kasprintf() return NULL pointer." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "57291ce295c0aca738dd284c4a9c591c09ebee71", + "version_value": "aaf552c5d53abe4659176e099575fe870d2e4768" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.5", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/aaf552c5d53abe4659176e099575fe870d2e4768", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/aaf552c5d53abe4659176e099575fe870d2e4768" + }, + { + "url": "https://git.kernel.org/stable/c/b4d9f55cd38435358bc16d580612bc0d798d7b4c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b4d9f55cd38435358bc16d580612bc0d798d7b4c" + }, + { + "url": "https://git.kernel.org/stable/c/a988dcd3dd9e691c5ccc3324b209688f3b5453e9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a988dcd3dd9e691c5ccc3324b209688f3b5453e9" + }, + { + "url": "https://git.kernel.org/stable/c/040f726fecd88121f3b95e70369785ad452dddf9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/040f726fecd88121f3b95e70369785ad452dddf9" + }, + { + "url": "https://git.kernel.org/stable/c/777430aa4ddccaa5accec6db90ffc1d47f00d471", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/777430aa4ddccaa5accec6db90ffc1d47f00d471" + }, + { + "url": "https://git.kernel.org/stable/c/97e5b508e96176f1a73888ed89df396d7041bfcb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/97e5b508e96176f1a73888ed89df396d7041bfcb" + }, + { + "url": "https://git.kernel.org/stable/c/5834a3a98cd266ad35a229923c0adbd0addc8d68", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5834a3a98cd266ad35a229923c0adbd0addc8d68" + }, + { + "url": "https://git.kernel.org/stable/c/91d5c5060ee24fe8da88cd585bb43b843d2f0dce", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/91d5c5060ee24fe8da88cd585bb43b843d2f0dce" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49833.json b/2022/49xxx/CVE-2022-49833.json index b46370ca44f..02561cb9b8b 100644 --- a/2022/49xxx/CVE-2022-49833.json +++ b/2022/49xxx/CVE-2022-49833.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: clone zoned device info when cloning a device\n\nWhen cloning a btrfs_device, we're not cloning the associated\nbtrfs_zoned_device_info structure of the device in case of a zoned\nfilesystem.\n\nLater on this leads to a NULL pointer dereference when accessing the\ndevice's zone_info for instance when setting a zone as active.\n\nThis was uncovered by fstests' testcase btrfs/161." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "ad88cabcec942c033f980cd1e28d56ecdaf5f3b8" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.0.9", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ad88cabcec942c033f980cd1e28d56ecdaf5f3b8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ad88cabcec942c033f980cd1e28d56ecdaf5f3b8" + }, + { + "url": "https://git.kernel.org/stable/c/21e61ec6d0bb786818490e926aa9aeb4de95ad0d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/21e61ec6d0bb786818490e926aa9aeb4de95ad0d" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49834.json b/2022/49xxx/CVE-2022-49834.json index f87041f06bb..f7725e20a5f 100644 --- a/2022/49xxx/CVE-2022-49834.json +++ b/2022/49xxx/CVE-2022-49834.json @@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free bug of ns_writer on remount\n\nIf a nilfs2 filesystem is downgraded to read-only due to metadata\ncorruption on disk and is remounted read/write, or if emergency read-only\nremount is performed, detaching a log writer and synchronizing the\nfilesystem can be done at the same time.\n\nIn these cases, use-after-free of the log writer (hereinafter\nnilfs->ns_writer) can happen as shown in the scenario below:\n\n Task1 Task2\n -------------------------------- ------------------------------\n nilfs_construct_segment\n nilfs_segctor_sync\n init_wait\n init_waitqueue_entry\n add_wait_queue\n schedule\n nilfs_remount (R/W remount case)\n\t\t\t\t nilfs_attach_log_writer\n nilfs_detach_log_writer\n nilfs_segctor_destroy\n kfree\n finish_wait\n _raw_spin_lock_irqsave\n __raw_spin_lock_irqsave\n do_raw_spin_lock\n debug_spin_lock_before <-- use-after-free\n\nWhile Task1 is sleeping, nilfs->ns_writer is freed by Task2. After Task1\nwaked up, Task1 accesses nilfs->ns_writer which is already freed. This\nscenario diagram is based on the Shigeru Yoshida's post [1].\n\nThis patch fixes the issue by not detaching nilfs->ns_writer on remount so\nthat this UAF race doesn't happen. Along with this change, this patch\nalso inserts a few necessary read-only checks with superblock instance\nwhere only the ns_writer pointer was used to check if the filesystem is\nread-only." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "b2fbf10040216ef5ee270773755fc2f5da65b749" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.155", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.79", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.9", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b2fbf10040216ef5ee270773755fc2f5da65b749", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b2fbf10040216ef5ee270773755fc2f5da65b749" + }, + { + "url": "https://git.kernel.org/stable/c/39a3ed68270b079c6b874d4e4727a512b9b4882c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/39a3ed68270b079c6b874d4e4727a512b9b4882c" + }, + { + "url": "https://git.kernel.org/stable/c/b4736ab5542112fe0a40f140a0a0b072954f34da", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b4736ab5542112fe0a40f140a0a0b072954f34da" + }, + { + "url": "https://git.kernel.org/stable/c/9b162e81045266a2d5b44df9dffdf05c54de9cca", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9b162e81045266a2d5b44df9dffdf05c54de9cca" + }, + { + "url": "https://git.kernel.org/stable/c/4feedde5486c07ea79787839153a71ca71329c7d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4feedde5486c07ea79787839153a71ca71329c7d" + }, + { + "url": "https://git.kernel.org/stable/c/afbd1188382a75f6cfe22c0b68533f7f9664f182", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/afbd1188382a75f6cfe22c0b68533f7f9664f182" + }, + { + "url": "https://git.kernel.org/stable/c/b152300d5a1ba4258dacf9916bff20e6a8c7603b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b152300d5a1ba4258dacf9916bff20e6a8c7603b" + }, + { + "url": "https://git.kernel.org/stable/c/8cccf05fe857a18ee26e20d11a8455a73ffd4efd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8cccf05fe857a18ee26e20d11a8455a73ffd4efd" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49835.json b/2022/49xxx/CVE-2022-49835.json index bbac9b148a0..54b34060e86 100644 --- a/2022/49xxx/CVE-2022-49835.json +++ b/2022/49xxx/CVE-2022-49835.json @@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix potential memleak in 'add_widget_node'\n\nAs 'kobject_add' may allocated memory for 'kobject->name' when return error.\nAnd in this function, if call 'kobject_add' failed didn't free kobject.\nSo call 'kobject_put' to recycling resources." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "b688a3ec235222d9a84e43a48a6f31acb95baf2d" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.9.334", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.300", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.155", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.79", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.9", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b688a3ec235222d9a84e43a48a6f31acb95baf2d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b688a3ec235222d9a84e43a48a6f31acb95baf2d" + }, + { + "url": "https://git.kernel.org/stable/c/bb0ac8d5e541224f599bc8e8f31a313faa4bf7b7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bb0ac8d5e541224f599bc8e8f31a313faa4bf7b7" + }, + { + "url": "https://git.kernel.org/stable/c/90b7d055e2b5f39429f9a9e3815b48a48530ef28", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/90b7d055e2b5f39429f9a9e3815b48a48530ef28" + }, + { + "url": "https://git.kernel.org/stable/c/02dea987ec1cac712c78e75d224ceb9bb73519ed", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/02dea987ec1cac712c78e75d224ceb9bb73519ed" + }, + { + "url": "https://git.kernel.org/stable/c/3a79f9568de08657fcdbc41d6fc4c0ca145a7a2b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3a79f9568de08657fcdbc41d6fc4c0ca145a7a2b" + }, + { + "url": "https://git.kernel.org/stable/c/7140d7aaf93da6a665b454f91bb4dc6b1de218bd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7140d7aaf93da6a665b454f91bb4dc6b1de218bd" + }, + { + "url": "https://git.kernel.org/stable/c/455d99bd6baf19688048b6d42d9fa74eae27f93b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/455d99bd6baf19688048b6d42d9fa74eae27f93b" + }, + { + "url": "https://git.kernel.org/stable/c/9a5523f72bd2b0d66eef3d58810c6eb7b5ffc143", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9a5523f72bd2b0d66eef3d58810c6eb7b5ffc143" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49836.json b/2022/49xxx/CVE-2022-49836.json index e90f44130ca..ff172298bce 100644 --- a/2022/49xxx/CVE-2022-49836.json +++ b/2022/49xxx/CVE-2022-49836.json @@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsiox: fix possible memory leak in siox_device_add()\n\nIf device_register() returns error in siox_device_add(),\nthe name allocated by dev_set_name() need be freed. As\ncomment of device_register() says, it should use put_device()\nto give up the reference in the error path. So fix this\nby calling put_device(), then the name can be freed in\nkobject_cleanup(), and sdevice is freed in siox_device_release(),\nset it to null in error path." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "bbecb07fa0af9a41507ce06d4631fdb3b5059417", + "version_value": "0a5da069603ecc3d7aa09167450235462adaa295" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.16", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.16", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.267", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.225", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/0a5da069603ecc3d7aa09167450235462adaa295", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a5da069603ecc3d7aa09167450235462adaa295" + }, + { + "url": "https://git.kernel.org/stable/c/f9fe7ba4ea5b24ffdf8e125f660aca3ba4a147fb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f9fe7ba4ea5b24ffdf8e125f660aca3ba4a147fb" + }, + { + "url": "https://git.kernel.org/stable/c/a4b5423f88a17a36550ae8c16c46779b1ee42f4b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a4b5423f88a17a36550ae8c16c46779b1ee42f4b" + }, + { + "url": "https://git.kernel.org/stable/c/5d03c2911c529ea4d6ebfec53425f1091e8d402b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5d03c2911c529ea4d6ebfec53425f1091e8d402b" + }, + { + "url": "https://git.kernel.org/stable/c/d9c31e728843259209fb530c59995e4fe262699f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d9c31e728843259209fb530c59995e4fe262699f" + }, + { + "url": "https://git.kernel.org/stable/c/6e63153db50059fb78b8a8447b132664887d24e3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6e63153db50059fb78b8a8447b132664887d24e3" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49837.json b/2022/49xxx/CVE-2022-49837.json index 54d6130ece4..454c7e1c89c 100644 --- a/2022/49xxx/CVE-2022-49837.json +++ b/2022/49xxx/CVE-2022-49837.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49837", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memory leaks in __check_func_call\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff88817139d000 (size 2048):\n comm \"test_progs\", pid 33246, jiffies 4307381979 (age 45851.820s)\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<0000000045f075f0>] kmalloc_trace+0x27/0xa0\n [<0000000098b7c90a>] __check_func_call+0x316/0x1230\n [<00000000b4c3c403>] check_helper_call+0x172e/0x4700\n [<00000000aa3875b7>] do_check+0x21d8/0x45e0\n [<000000001147357b>] do_check_common+0x767/0xaf0\n [<00000000b5a595b4>] bpf_check+0x43e3/0x5bc0\n [<0000000011e391b1>] bpf_prog_load+0xf26/0x1940\n [<0000000007f765c0>] __sys_bpf+0xd2c/0x3650\n [<00000000839815d6>] __x64_sys_bpf+0x75/0xc0\n [<00000000946ee250>] do_syscall_64+0x3b/0x90\n [<0000000000506b7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root case here is: In function prepare_func_exit(), the callee is\nnot released in the abnormal scenario after \"state->curframe--;\". To\nfix, move \"state->curframe--;\" to the very bottom of the function,\nright when we free callee and reset frame[] pointer to NULL, as Andrii\nsuggested.\n\nIn addition, function __check_func_call() has a similar problem. In\nthe abnormal scenario before \"state->curframe++;\", the callee also\nshould be released by free_func_state()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "fd978bf7fd312581a7ca454a991f0ffb34c4204b", + "version_value": "d4944497827a3d14bc5a26dbcfb7433eb5a956c0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.20", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.20", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/d4944497827a3d14bc5a26dbcfb7433eb5a956c0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d4944497827a3d14bc5a26dbcfb7433eb5a956c0" + }, + { + "url": "https://git.kernel.org/stable/c/83946d772e756734a900ef99dbe0aeda506adf37", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/83946d772e756734a900ef99dbe0aeda506adf37" + }, + { + "url": "https://git.kernel.org/stable/c/eb86559a691cea5fa63e57a03ec3dc9c31e97955", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/eb86559a691cea5fa63e57a03ec3dc9c31e97955" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49838.json b/2022/49xxx/CVE-2022-49838.json index 96589de7c72..486cbd5c4e7 100644 --- a/2022/49xxx/CVE-2022-49838.json +++ b/2022/49xxx/CVE-2022-49838.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49838", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: clear out_curr if all frag chunks of current msg are pruned\n\nA crash was reported by Zhen Chen:\n\n list_del corruption, ffffa035ddf01c18->next is NULL\n WARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0\n RIP: 0010:__list_del_entry_valid+0x59/0xe0\n Call Trace:\n sctp_sched_dequeue_common+0x17/0x70 [sctp]\n sctp_sched_fcfs_dequeue+0x37/0x50 [sctp]\n sctp_outq_flush_data+0x85/0x360 [sctp]\n sctp_outq_uncork+0x77/0xa0 [sctp]\n sctp_cmd_interpreter.constprop.0+0x164/0x1450 [sctp]\n sctp_side_effects+0x37/0xe0 [sctp]\n sctp_do_sm+0xd0/0x230 [sctp]\n sctp_primitive_SEND+0x2f/0x40 [sctp]\n sctp_sendmsg_to_asoc+0x3fa/0x5c0 [sctp]\n sctp_sendmsg+0x3d5/0x440 [sctp]\n sock_sendmsg+0x5b/0x70\n\nand in sctp_sched_fcfs_dequeue() it dequeued a chunk from stream\nout_curr outq while this outq was empty.\n\nNormally stream->out_curr must be set to NULL once all frag chunks of\ncurrent msg are dequeued, as we can see in sctp_sched_dequeue_done().\nHowever, in sctp_prsctp_prune_unsent() as it is not a proper dequeue,\nsctp_sched_dequeue_done() is not called to do this.\n\nThis patch is to fix it by simply setting out_curr to NULL when the\nlast frag chunk of current msg is dequeued from out_curr stream in\nsctp_prsctp_prune_unsent()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51", + "version_value": "e27458b18b35caee4b27b37a4a9c503b93cae5cc" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.15", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.15", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.156", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.81", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e27458b18b35caee4b27b37a4a9c503b93cae5cc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e27458b18b35caee4b27b37a4a9c503b93cae5cc" + }, + { + "url": "https://git.kernel.org/stable/c/2ea600b598dd3e061854dd4dd5b4c815397dfcea", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2ea600b598dd3e061854dd4dd5b4c815397dfcea" + }, + { + "url": "https://git.kernel.org/stable/c/3eff34e01062ec08fbb45ce2baaaa644550be821", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3eff34e01062ec08fbb45ce2baaaa644550be821" + }, + { + "url": "https://git.kernel.org/stable/c/2f201ae14ae0f91dbf1cffea7bb1e29e81d4d108", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2f201ae14ae0f91dbf1cffea7bb1e29e81d4d108" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file diff --git a/2022/49xxx/CVE-2022-49839.json b/2022/49xxx/CVE-2022-49839.json index 886a6e1506b..af408d4be76 100644 --- a/2022/49xxx/CVE-2022-49839.json +++ b/2022/49xxx/CVE-2022-49839.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-49839", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_transport_sas: Fix error handling in sas_phy_add()\n\nIf transport_add_device() fails in sas_phy_add(), the kernel will crash\ntrying to delete the device in transport_remove_device() called from\nsas_remove_host().\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000108\nCPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x54/0x3d0\nlr : device_del+0x37c/0x3d0\nCall trace:\n device_del+0x54/0x3d0\n attribute_container_class_device_del+0x28/0x38\n transport_remove_classdev+0x6c/0x80\n attribute_container_device_trigger+0x108/0x110\n transport_remove_device+0x28/0x38\n sas_phy_delete+0x30/0x60 [scsi_transport_sas]\n do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas]\n device_for_each_child+0x68/0xb0\n sas_remove_children+0x40/0x50 [scsi_transport_sas]\n sas_remove_host+0x20/0x38 [scsi_transport_sas]\n hisi_sas_remove+0x40/0x68 [hisi_sas_main]\n hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw]\n platform_remove+0x2c/0x60\n\nFix this by checking and handling return value of transport_add_device()\nin sas_phy_add()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "c7ebbbce366c02e5657ac6b6059933fe0353b175", + "version_value": "03aabcb88aeeb7221ddb6196ae84ad5fb17b743f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.14", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.14", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.157", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.80", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.0.10", + "lessThanOrEqual": "6.0.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/03aabcb88aeeb7221ddb6196ae84ad5fb17b743f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/03aabcb88aeeb7221ddb6196ae84ad5fb17b743f" + }, + { + "url": "https://git.kernel.org/stable/c/2f21d653c648735657e23948b1d7ac7273de0f87", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2f21d653c648735657e23948b1d7ac7273de0f87" + }, + { + "url": "https://git.kernel.org/stable/c/c736876ee294bb4f271d76a25cc7d70c8537bc5d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c736876ee294bb4f271d76a25cc7d70c8537bc5d" + }, + { + "url": "https://git.kernel.org/stable/c/5d7bebf2dfb0dc97aac1fbace0910e557ecdb16f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5d7bebf2dfb0dc97aac1fbace0910e557ecdb16f" + } + ] + }, + "generator": { + "engine": "bippy-1.1.0" } } \ No newline at end of file