From f566f570d046c79386563bef6b94d36a4a0757b3 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 29 Jul 2024 18:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/42xxx/CVE-2024-42091.json | 82 ++++++++++++++++-
2024/42xxx/CVE-2024-42092.json | 158 ++++++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42093.json | 137 +++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42094.json | 148 +++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42095.json | 141 ++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42096.json | 148 +++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42097.json | 148 +++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42098.json | 115 +++++++++++++++++++++++-
2024/6xxx/CVE-2024-6726.json | 79 ++++++++++++++++-
2024/6xxx/CVE-2024-6727.json | 79 ++++++++++++++++-
10 files changed, 1195 insertions(+), 40 deletions(-)
diff --git a/2024/42xxx/CVE-2024-42091.json b/2024/42xxx/CVE-2024-42091.json
index a3c3f8ec0fc..37363737bcc 100644
--- a/2024/42xxx/CVE-2024-42091.json
+++ b/2024/42xxx/CVE-2024-42091.json
@@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Check pat.ops before dumping PAT settings\n\nWe may leave pat.ops unset when running on brand new platform or\nwhen running as a VF. While the former is unlikely, the latter\nis valid (future) use case and will cause NPD when someone will\ntry to dump PAT settings by debugfs.\n\nIt's better to check pointer to pat.ops instead of specific .dump\nhook, as we have this hook always defined for every .ops variant." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "583ce246c7ff" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb" + }, + { + "url": "https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42092.json b/2024/42xxx/CVE-2024-42092.json index 20e244e6d5b..ca6659e6cb7 100644 --- a/2024/42xxx/CVE-2024-42092.json +++ b/2024/42xxx/CVE-2024-42092.json 
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: davinci: Validate the obtained number of IRQs\n\nValue of pdata->gpio_unbanked is taken from Device Tree. In case of broken\nDT due to any error this value can be any. Without this value validation\nthere can be out of chips->irqs array boundaries access in\ndavinci_gpio_probe().\n\nValidate the obtained nirq value so that it won't exceed the maximum\nnumber of IRQs per bank.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "eb3744a2dd01", + "version_value": "a8d78984fdc1" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.19", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684" + }, + { + "url": 
"https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd" + }, + { + "url": "https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9" + }, + { + "url": "https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b" + }, + { + "url": "https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d" + }, + { + "url": "https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782" + }, + { + "url": "https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470" + }, + { + "url": "https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42093.json b/2024/42xxx/CVE-2024-42093.json index 83f1586046b..0e2c71a4a8c 100644 --- a/2024/42xxx/CVE-2024-42093.json +++ b/2024/42xxx/CVE-2024-42093.json 
@@ -1,18 +1,147 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "b2262b3be27c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1" + }, + { + "url": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509" + }, + { + "url": "https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d" + }, + { + "url": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0" + }, + { + "url": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2" + }, + { + "url": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527" + }, + { + "url": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42094.json b/2024/42xxx/CVE-2024-42094.json index 30bdadca69a..42ac98ed34a 100644 --- a/2024/42xxx/CVE-2024-42094.json +++ b/2024/42xxx/CVE-2024-42094.json 
@@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "2b085521be52" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d" + }, + { + "url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a" + }, + { + "url": 
"https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71" + }, + { + "url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53" + }, + { + "url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae" + }, + { + "url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756" + }, + { + "url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959" + }, + { + "url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42095.json b/2024/42xxx/CVE-2024-42095.json index 4f2f2975b39..b997939c270 100644 --- a/2024/42xxx/CVE-2024-42095.json +++ b/2024/42xxx/CVE-2024-42095.json 
@@ -1,18 +1,151 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_omap: Implementation of Errata i2310\n\nAs per Errata i2310[0], Erroneous timeout can be triggered,\nif this Erroneous interrupt is not cleared then it may leads\nto storm of interrupts, therefore apply Errata i2310 solution.\n\n[0] https://www.ti.com/lit/pdf/sprz536 page 23" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9443acbd251f", + "version_value": "cb8793006698" + }, + { + "version_affected": "<", + "version_name": "b67e830d38fa", + "version_value": "87257a28271c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.14", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.14", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + 
"status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de" + }, + { + "url": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b" + }, + { + "url": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0" + }, + { + "url": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b" + }, + { + "url": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e" + }, + { + "url": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42096.json b/2024/42xxx/CVE-2024-42096.json index 2d7a7d36a2a..137bff80a23 100644 --- a/2024/42xxx/CVE-2024-42096.json 
+++ b/2024/42xxx/CVE-2024-42096.json 
@@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: stop playing stack games in profile_pc()\n\nThe 'profile_pc()' function is used for timer-based profiling, which\nisn't really all that relevant any more to begin with, but it also ends\nup making assumptions based on the stack layout that aren't necessarily\nvalid.\n\nBasically, the code tries to account the time spent in spinlocks to the\ncaller rather than the spinlock, and while I support that as a concept,\nit's not worth the code complexity or the KASAN warnings when no serious\nprofiling is done using timers anyway these days.\n\nAnd the code really does depend on stack layout that is only true in the\nsimplest of cases. 
We've lost the comment at some point (I think when\nthe 32-bit and 64-bit code was unified), but it used to say:\n\n\tAssume the lock function has either no stack frame or a copy\n\tof eflags from PUSHF.\n\nwhich explains why it just blindly loads a word or two straight off the\nstack pointer and then takes a minimal look at the values to just check\nif they might be eflags or the return pc:\n\n\tEflags always has bits 22 and up cleared unlike kernel addresses\n\nbut that basic stack layout assumption assumes that there isn't any lock\ndebugging etc going on that would complicate the code and cause a stack\nframe.\n\nIt causes KASAN unhappiness reported for years by syzkaller [1] and\nothers [2].\n\nWith no real practical reason for this any more, just remove the code.\n\nJust for historical interest, here's some background commits relating to\nthis code from 2006:\n\n 0cb91a229364 (\"i386: Account spinlocks to the caller during profiling for !FP kernels\")\n 31679f38d886 (\"Simplify profile_pc on x86-64\")\n\nand a code unification from 2009:\n\n ef4512882dbe (\"x86: time_32/64.c unify profile_pc\")\n\nbut the basics of this thing actually goes back to before the git tree." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "65ebdde16e7f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e" + }, + { + "url": "https://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29" + }, + { + "url": 
"https://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4" + }, + { + "url": "https://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77" + }, + { + "url": "https://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b" + }, + { + "url": "https://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92" + }, + { + "url": "https://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68" + }, + { + "url": "https://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42097.json b/2024/42xxx/CVE-2024-42097.json index 8160dfd4112..cafa5c4f053 100644 --- a/2024/42xxx/CVE-2024-42097.json +++ b/2024/42xxx/CVE-2024-42097.json 
@@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "40d7def67841" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.317", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.279", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.221", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": 
"unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab" + }, + { + "url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3" + }, + { + "url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6" + }, + { + "url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69" + }, + { + "url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e" + }, + { + "url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2" + }, + { + "url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14" + }, + { + "url": 
"https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42098.json b/2024/42xxx/CVE-2024-42098.json index f0e799e14fb..45ae6fa65bc 100644 --- a/2024/42xxx/CVE-2024-42098.json +++ b/2024/42xxx/CVE-2024-42098.json 
@@ -1,18 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42098", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "39173b04abda" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15.162", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.97", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8" + }, + { + "url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d" + }, + { + "url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975" + }, + { + "url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df" + }, + { + "url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6726.json b/2024/6xxx/CVE-2024-6726.json index 4daff2a2614..6f5e061c6c8 100644 --- a/2024/6xxx/CVE-2024-6726.json +++ b/2024/6xxx/CVE-2024-6726.json 
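Review bot: The published CVE-2024-42098.json record carries `"value": "n/a"` as its only problemtype entry and has no `impact` block, so tooling that prioritises by CWE or CVSS will not classify it, although the description is about stale private-key bytes surviving in the ecdh `private_key` array. If the assigner agrees, a weakness entry such as `"value": "CWE-226", "cweId": "CWE-226"` (sensitive information not removed before reuse) would fit the description; that mapping is my reading of the text, not something the record states. The description also records a behaviour change worth surfacing to consumers: after the fix `private_key` is zeroized even when `ecc_gen_privkey` fails, so callers can no longer rely on the old key remaining.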
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@perforce.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delphix", + "product": { + "product_data": [ + { + "product_name": "Delphix Engine", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Release 0.0.0", + "version_value": "25.0.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001SUDtYAO", + "refsource": "MISC", + "name": "https://portal.perforce.com/s/detail/a91PA000001SUDtYAO" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } 
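Review bot: The affected range in CVE-2024-6726.json mixes two version formats, `"version_name": "Release 0.0.0"` against `"version_value": "25.0.0.0"`, which a scanner that compares version strings may fail to parse or order. Writing the lower bound in the same four-part form, for example `"version_name": "0.0.0.0"`, would keep the `<` comparison unambiguous; the exact lower bound is the vendor's to confirm. The description names no component or entry point for the code execution, and since `privilegesRequired` is `LOW`, stating that an authenticated account is needed would help defenders scope exposure.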
diff --git a/2024/6xxx/CVE-2024-6727.json b/2024/6xxx/CVE-2024-6727.json
index 047c5eae0a1..ef70a5df558 100644
--- a/2024/6xxx/CVE-2024-6727.json
+++ b/2024/6xxx/CVE-2024-6727.json
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@perforce.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delphix", + "product": { + "product_data": [ + { + "product_name": "Data Control Tower (DCT)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.0.0", + "version_value": "19.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001SUFVYA4", + "refsource": "MISC", + "name": "https://portal.perforce.com/s/detail/a91PA000001SUFVYA4" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] }
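Review bot: The description in CVE-2024-6727.json calls the flaw "broken authentication", but the record classifies it as `CWE-284` and scores it `PR:L` with `C:N`, that is, an already-authenticated attacker and no confidentiality impact. These three statements are hard to reconcile: if the issue is an authentication weakness, `"value": "CWE-287", "cweId": "CWE-287"` would be the closer class, and if it is an authorization gap in the enable-scale-testing functionality the description should say so. Which is right cannot be told from the record, so until it is clarified, triage should lean on the vendor advisory linked in `references` rather than on the 5.4 base score alone.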