admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-01 15:01:05 +00:00
parent 52c5722dc3
commit fc31acca57
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
100 changed files with 2944 additions and 7506 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2017/9xxx/CVE-2017-9844.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804."
"value": "SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service."
}
]
},
@ -61,6 +61,11 @@
"name": "https://erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/"
},
{
"refsource": "MISC",
"name": "https://me.sap.com/notes/2399804",
"url": "https://me.sap.com/notes/2399804"
}
]
}

148
2022/49xxx/CVE-2022-49762.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: check overflow when iterating ATTR_RECORDs\n\nKernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). \nBecause the ATTR_RECORDs are next to each other, kernel can get the next\nATTR_RECORD from end address of current ATTR_RECORD, through current\nATTR_RECORD length field.\n\nThe problem is that during iteration, when kernel calculates the end\naddress of current ATTR_RECORD, kernel may trigger an integer overflow bug\nin executing `a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))`. This\nmay wrap, leading to a forever iteration on 32bit systems.\n\nThis patch solves it by adding some checks on calculating end address\nof current ATTR_RECORD during iteration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "5559eb5809353a83a40a1e4e7f066431c7b83020"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5559eb5809353a83a40a1e4e7f066431c7b83020",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5559eb5809353a83a40a1e4e7f066431c7b83020"
},
{
"url": "https://git.kernel.org/stable/c/86f36de14dce5802856bb7a5921d74439db00b64",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/86f36de14dce5802856bb7a5921d74439db00b64"
},
{
"url": "https://git.kernel.org/stable/c/45683723f6b53e39e8a4cec0894e61fd6ec71989",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/45683723f6b53e39e8a4cec0894e61fd6ec71989"
},
{
"url": "https://git.kernel.org/stable/c/b612f924f296408d7d02fb4cd01218afd4ed7184",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b612f924f296408d7d02fb4cd01218afd4ed7184"
},
{
"url": "https://git.kernel.org/stable/c/957732a09c3828267c2819d31c425aa793dd475b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/957732a09c3828267c2819d31c425aa793dd475b"
},
{
"url": "https://git.kernel.org/stable/c/b63ddb3ba61e2d3539f87e095c881e552bc45dab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b63ddb3ba61e2d3539f87e095c881e552bc45dab"
},
{
"url": "https://git.kernel.org/stable/c/785b2af9654b8beac55644e36da0085c5d776361",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/785b2af9654b8beac55644e36da0085c5d776361"
},
{
"url": "https://git.kernel.org/stable/c/63095f4f3af59322bea984a6ae44337439348fe0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/63095f4f3af59322bea984a6ae44337439348fe0"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

148
2022/49xxx/CVE-2022-49763.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: fix use-after-free in ntfs_attr_find()\n\nPatch series \"ntfs: fix bugs about Attribute\", v2.\n\nThis patchset fixes three bugs relative to Attribute in record:\n\nPatch 1 adds a sanity check to ensure that, attrs_offset field in first\nmft record loading from disk is within bounds.\n\nPatch 2 moves the ATTR_RECORD's bounds checking earlier, to avoid\ndereferencing ATTR_RECORD before checking this ATTR_RECORD is within\nbounds.\n\nPatch 3 adds an overflow checking to avoid possible forever loop in\nntfs_attr_find().\n\nWithout patch 1 and patch 2, the kernel triggersa KASAN use-after-free\ndetection as reported by Syzkaller.\n\nAlthough one of patch 1 or patch 2 can fix this, we still need both of\nthem. Because patch 1 fixes the root cause, and patch 2 not only fixes\nthe direct cause, but also fixes the potential out-of-bounds bug.\n\n\nThis patch (of 3):\n\nSyzkaller reported use-after-free read as follows:\n==================================================================\nBUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597\nRead of size 2 at addr ffff88807e352009 by task syz-executor153/3607\n\n[...]\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597\n ntfs_attr_lookup+0x1056/0x2070 fs/ntfs/attrib.c:1193\n ntfs_read_inode_mount+0x89a/0x2580 fs/ntfs/inode.c:1845\n ntfs_fill_super+0x1799/0x9320 fs/ntfs/super.c:2854\n mount_bdev+0x34d/0x410 fs/super.c:1400\n legacy_get_tree+0x105/0x220 fs/fs_context.c:610\n vfs_get_tree+0x89/0x2f0 fs/super.c:1530\n do_new_mount fs/namespace.c:3040 [inline]\n path_mount+0x1326/0x1e20 fs/namespace.c:3370\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]\n __se_sys_mount fs/namespace.c:3568 [inline]\n __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n </TASK>\n\nThe buggy address belongs to the physical page:\npage:ffffea0001f8d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e350\nhead:ffffea0001f8d400 order:3 compound_mapcount:0 compound_pincount:0\nflags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011842140\nraw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n ffff88807e351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff88807e351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n>ffff88807e352000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff88807e352080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff88807e352100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\n\nKernel will loads $MFT/$DATA's first mft record in\nntfs_read_inode_mount().\n\nYet the problem is that after loading, kernel doesn't check whether\nattrs_offset field is a valid value.\n\nTo be more specific, if attrs_offset field is larger than bytes_allocated\nfield, then it may trigger the out-of-bounds read bug(reported as\nuse-after-free bug) in ntfs_attr_find(), when kernel tries to access the\ncorresponding mft record's attribute.\n\nThis patch solves it by adding the sanity check between attrs_offset field\nand bytes_allocated field, after loading the first mft record."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "79f3ac7dcd12c05b7539239a4c6fa229a50d786c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/79f3ac7dcd12c05b7539239a4c6fa229a50d786c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/79f3ac7dcd12c05b7539239a4c6fa229a50d786c"
},
{
"url": "https://git.kernel.org/stable/c/fb2004bafd1932e08d21ca604ee5844f2b7f212d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fb2004bafd1932e08d21ca604ee5844f2b7f212d"
},
{
"url": "https://git.kernel.org/stable/c/d0006d739738a658a9c29b438444259d9f71dfa0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d0006d739738a658a9c29b438444259d9f71dfa0"
},
{
"url": "https://git.kernel.org/stable/c/266bd5306286316758e6246ea0345133427b0f62",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/266bd5306286316758e6246ea0345133427b0f62"
},
{
"url": "https://git.kernel.org/stable/c/b825bfbbaafbe8da2037e3a778ad660c59f9e054",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b825bfbbaafbe8da2037e3a778ad660c59f9e054"
},
{
"url": "https://git.kernel.org/stable/c/5330c423b86263ac7883fef0260b9e2229cb531e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5330c423b86263ac7883fef0260b9e2229cb531e"
},
{
"url": "https://git.kernel.org/stable/c/4863f815463034f588a035cfd99cdca97a4f1069",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4863f815463034f588a035cfd99cdca97a4f1069"
},
{
"url": "https://git.kernel.org/stable/c/d85a1bec8e8d552ab13163ca1874dcd82f3d1550",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d85a1bec8e8d552ab13163ca1874dcd82f3d1550"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

82
2022/49xxx/CVE-2022-49764.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent bpf program recursion for raw tracepoint probes\n\nWe got report from sysbot [1] about warnings that were caused by\nbpf program attached to contention_begin raw tracepoint triggering\nthe same tracepoint by using bpf_trace_printk helper that takes\ntrace_printk_lock lock.\n\n Call Trace:\n <TASK>\n ? trace_event_raw_event_bpf_trace_printk+0x5f/0x90\n bpf_trace_printk+0x2b/0xe0\n bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n bpf_trace_run2+0x26/0x90\n native_queued_spin_lock_slowpath+0x1c6/0x2b0\n _raw_spin_lock_irqsave+0x44/0x50\n bpf_trace_printk+0x3f/0xe0\n bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n bpf_trace_run2+0x26/0x90\n native_queued_spin_lock_slowpath+0x1c6/0x2b0\n _raw_spin_lock_irqsave+0x44/0x50\n bpf_trace_printk+0x3f/0xe0\n bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n bpf_trace_run2+0x26/0x90\n native_queued_spin_lock_slowpath+0x1c6/0x2b0\n _raw_spin_lock_irqsave+0x44/0x50\n bpf_trace_printk+0x3f/0xe0\n bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n bpf_trace_run2+0x26/0x90\n native_queued_spin_lock_slowpath+0x1c6/0x2b0\n _raw_spin_lock_irqsave+0x44/0x50\n __unfreeze_partials+0x5b/0x160\n ...\n\nThe can be reproduced by attaching bpf program as raw tracepoint on\ncontention_begin tracepoint. The bpf prog calls bpf_trace_printk\nhelper. Then by running perf bench the spin lock code is forced to\ntake slow path and call contention_begin tracepoint.\n\nFixing this by skipping execution of the bpf program if it's\nalready running, Using bpf prog 'active' field, which is being\ncurrently used by trampoline programs for the same reason.\n\nMoving bpf_prog_inc_misses_counter to syscall.c because\ntrampoline.c is compiled in just for CONFIG_BPF_JIT option.\n\n[1] https://lore.kernel.org/bpf/YxhFe3EwqchC%2FfYf@krava/T/#t"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "2e5399879024fedd6cdc41f73fbf9bbe7208f899"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2e5399879024fedd6cdc41f73fbf9bbe7208f899",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2e5399879024fedd6cdc41f73fbf9bbe7208f899"
},
{
"url": "https://git.kernel.org/stable/c/05b24ff9b2cfabfcfd951daaa915a036ab53c9e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/05b24ff9b2cfabfcfd951daaa915a036ab53c9e1"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

93
2022/49xxx/CVE-2022-49765.json
View File

@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: use a dedicated spinlock for trans_fd\n\nShamelessly copying the explanation from Tetsuo Handa's suggested\npatch[1] (slightly reworded):\nsyzbot is reporting inconsistent lock state in p9_req_put()[2],\nfor p9_tag_remove() from p9_req_put() from IRQ context is using\nspin_lock_irqsave() on \"struct p9_client\"->lock but trans_fd\n(not from IRQ context) is using spin_lock().\n\nSince the locks actually protect different things in client.c and in\ntrans_fd.c, just replace trans_fd.c's lock by a new one specific to the\ntransport (client.c's protect the idr for fid/tag allocations,\nwhile trans_fd.c's protects its own req list and request status field\nthat acts as the transport's state machine)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "43bbadb7e4636dc02f6a283c2a39e6438e6173cd"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/43bbadb7e4636dc02f6a283c2a39e6438e6173cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/43bbadb7e4636dc02f6a283c2a39e6438e6173cd"
},
{
"url": "https://git.kernel.org/stable/c/717b9b4f38703d7f5293059e3a242d16f76fa045",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/717b9b4f38703d7f5293059e3a242d16f76fa045"
},
{
"url": "https://git.kernel.org/stable/c/296ab4a813841ba1d5f40b03190fd1bd8f25aab0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/296ab4a813841ba1d5f40b03190fd1bd8f25aab0"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

82
2022/49xxx/CVE-2022-49766.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Bounds-check struct nlmsgerr creation\n\nIn preparation for FORTIFY_SOURCE doing bounds-check on memcpy(),\nswitch from __nlmsg_put to nlmsg_put(), and explain the bounds check\nfor dealing with the memcpy() across a composite flexible array struct.\nAvoids this future run-time warning:\n\n memcpy: detected field-spanning write (size 32) of single field \"&errmsg->msg\" at net/netlink/af_netlink.c:2447 (size 16)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "aff4eb16f589c3af322a2582044bca365381fcd6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/aff4eb16f589c3af322a2582044bca365381fcd6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aff4eb16f589c3af322a2582044bca365381fcd6"
},
{
"url": "https://git.kernel.org/stable/c/710d21fdff9a98d621cd4e64167f3ef8af4e2fd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/710d21fdff9a98d621cd4e64167f3ef8af4e2fd1"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

148
2022/49xxx/CVE-2022-49767.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/trans_fd: always use O_NONBLOCK read/write\n\nsyzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop()\n from p9_conn_destroy() from p9_fd_close() is failing to interrupt already\nstarted kernel_read() from p9_fd_read() from p9_read_work() and/or\nkernel_write() from p9_fd_write() from p9_write_work() requests.\n\nSince p9_socket_open() sets O_NONBLOCK flag, p9_mux_poll_stop() does not\nneed to interrupt kernel_read()/kernel_write(). However, since p9_fd_open()\ndoes not set O_NONBLOCK flag, but pipe blocks unless signal is pending,\np9_mux_poll_stop() needs to interrupt kernel_read()/kernel_write() when\nthe file descriptor refers to a pipe. In other words, pipe file descriptor\nneeds to be handled as if socket file descriptor.\n\nWe somehow need to interrupt kernel_read()/kernel_write() on pipes.\n\nA minimal change, which this patch is doing, is to set O_NONBLOCK flag\n from p9_fd_open(), for O_NONBLOCK flag does not affect reading/writing\nof regular files. But this approach changes O_NONBLOCK flag on userspace-\nsupplied file descriptors (which might break userspace programs), and\nO_NONBLOCK flag could be changed by userspace. It would be possible to set\nO_NONBLOCK flag every time p9_fd_read()/p9_fd_write() is invoked, but still\nremains small race window for clearing O_NONBLOCK flag.\n\nIf we don't want to manipulate O_NONBLOCK flag, we might be able to\nsurround kernel_read()/kernel_write() with set_thread_flag(TIF_SIGPENDING)\nand recalc_sigpending(). Since p9_read_work()/p9_write_work() works are\nprocessed by kernel threads which process global system_wq workqueue,\nsignals could not be delivered from remote threads when p9_mux_poll_stop()\n from p9_conn_destroy() from p9_fd_close() is called. Therefore, calling\nset_thread_flag(TIF_SIGPENDING)/recalc_sigpending() every time would be\nneeded if we count on signals for making kernel_read()/kernel_write()\nnon-blocking.\n\n[Dominique: add comment at Christian's suggestion]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "0b5e6bd72b8171364616841603a70e4ba9837063"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0b5e6bd72b8171364616841603a70e4ba9837063",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b5e6bd72b8171364616841603a70e4ba9837063"
},
{
"url": "https://git.kernel.org/stable/c/9f8554615df668e4bf83294633ee9d232b28ce45",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9f8554615df668e4bf83294633ee9d232b28ce45"
},
{
"url": "https://git.kernel.org/stable/c/7abf40f06a76c0dff42eada10597917e9776fbd4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7abf40f06a76c0dff42eada10597917e9776fbd4"
},
{
"url": "https://git.kernel.org/stable/c/b1ad04da7fe4515e2ce2d5f2dcab3b5b6d45614b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b1ad04da7fe4515e2ce2d5f2dcab3b5b6d45614b"
},
{
"url": "https://git.kernel.org/stable/c/a8e2fc8f7b41fa9d9ca5f624f4e4d34fce5b40a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a8e2fc8f7b41fa9d9ca5f624f4e4d34fce5b40a9"
},
{
"url": "https://git.kernel.org/stable/c/0e07032b4b4724b8ad1003698cb81083c1818999",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0e07032b4b4724b8ad1003698cb81083c1818999"
},
{
"url": "https://git.kernel.org/stable/c/5af16182c5639349415118e9e9aecd8355f7a08b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5af16182c5639349415118e9e9aecd8355f7a08b"
},
{
"url": "https://git.kernel.org/stable/c/ef575281b21e9a34dfae544a187c6aac2ae424a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ef575281b21e9a34dfae544a187c6aac2ae424a9"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

148
2022/49xxx/CVE-2022-49768.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: trans_fd/p9_conn_cancel: drop client lock earlier\n\nsyzbot reported a double-lock here and we no longer need this\nlock after requests have been moved off to local list:\njust drop the lock earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "82825dbf393f7c7979d462f9609a15bde8092b3f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/82825dbf393f7c7979d462f9609a15bde8092b3f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82825dbf393f7c7979d462f9609a15bde8092b3f"
},
{
"url": "https://git.kernel.org/stable/c/e3031280fe4eaf61a09e60823331f81f321be8e1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e3031280fe4eaf61a09e60823331f81f321be8e1"
},
{
"url": "https://git.kernel.org/stable/c/fec1406f5e7ab20b71f6d231792b0040e3300aaf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fec1406f5e7ab20b71f6d231792b0040e3300aaf"
},
{
"url": "https://git.kernel.org/stable/c/96760723aae1b45f733f702abb4333137143909f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/96760723aae1b45f733f702abb4333137143909f"
},
{
"url": "https://git.kernel.org/stable/c/f14858bc77c567e089965962877ee726ffad0556",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f14858bc77c567e089965962877ee726ffad0556"
},
{
"url": "https://git.kernel.org/stable/c/a4f1a01b2e81378fce9ca528d4d8a049e4b58fcd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a4f1a01b2e81378fce9ca528d4d8a049e4b58fcd"
},
{
"url": "https://git.kernel.org/stable/c/612c977f5d481f551d03d83d0aef588845c1300c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/612c977f5d481f551d03d83d0aef588845c1300c"
},
{
"url": "https://git.kernel.org/stable/c/52f1c45dde9136f964d63a77d19826c8a74e2c7f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52f1c45dde9136f964d63a77d19826c8a74e2c7f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

148
2022/49xxx/CVE-2022-49769.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Check sb_bsize_shift after reading superblock\n\nFuzzers like to scribble over sb_bsize_shift but in reality it's very\nunlikely that this field would be corrupted on its own. Nevertheless it\nshould be checked to avoid the possibility of messy mount errors due to\nbad calculations. It's always a fixed value based on the block size so\nwe can just check that it's the expected value.\n\nTested with:\n\n mkfs.gfs2 -O -p lock_nolock /dev/vdb\n for i in 0 -1 64 65 32 33; do\n gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb\n mount /dev/vdb /mnt/test && umount /mnt/test\n done\n\nBefore this patch we get a withdraw after\n\n[ 76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block\n[ 76.413681] bh = 19 (type: exp=5, found=4)\n[ 76.413681] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492\n\nand with UBSAN configured we also get complaints like\n\n[ 76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19\n[ 76.373815] shift exponent 4294967287 is too large for 64-bit type 'long unsigned int'\n\nAfter the patch, these complaints don't appear, mount fails immediately\nand we get an explanation in dmesg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "d6b1e8ea6f3418c3b461ad5a35cdc93c996b2c87"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d6b1e8ea6f3418c3b461ad5a35cdc93c996b2c87",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d6b1e8ea6f3418c3b461ad5a35cdc93c996b2c87"
},
{
"url": "https://git.kernel.org/stable/c/1ad197097343568066a8ffaa27ee7d0ae6d9f476",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ad197097343568066a8ffaa27ee7d0ae6d9f476"
},
{
"url": "https://git.kernel.org/stable/c/15c83fa0fd659dd9fbdc940a560b61236e876a80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15c83fa0fd659dd9fbdc940a560b61236e876a80"
},
{
"url": "https://git.kernel.org/stable/c/8b6534c9ae9dba5489703a19d8ba6c8f2cfa33c2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8b6534c9ae9dba5489703a19d8ba6c8f2cfa33c2"
},
{
"url": "https://git.kernel.org/stable/c/5fa30be7ba81191b0a0c7239a89befc0c94286d5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5fa30be7ba81191b0a0c7239a89befc0c94286d5"
},
{
"url": "https://git.kernel.org/stable/c/28275a7c84d21c55ab3282d897f284d8d527173c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28275a7c84d21c55ab3282d897f284d8d527173c"
},
{
"url": "https://git.kernel.org/stable/c/16670534c7cff1acd918a6a5ec751b14e7436b76",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/16670534c7cff1acd918a6a5ec751b14e7436b76"
},
{
"url": "https://git.kernel.org/stable/c/670f8ce56dd0632dc29a0322e188cc73ce3c6b92",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/670f8ce56dd0632dc29a0322e188cc73ce3c6b92"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

126
2022/49xxx/CVE-2022-49770.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: avoid putting the realm twice when decoding snaps fails\n\nWhen decoding the snaps fails it maybe leaving the 'first_realm'\nand 'realm' pointing to the same snaprealm memory. And then it'll\nput it twice and could cause random use-after-free, BUG_ON, etc\nissues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "274e4c79a3a2a24fba7cfe0e41113f1138785c37"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.268",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.226",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.157",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.81",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/274e4c79a3a2a24fba7cfe0e41113f1138785c37",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/274e4c79a3a2a24fba7cfe0e41113f1138785c37"
},
{
"url": "https://git.kernel.org/stable/c/cb7495fe957526555782ce0723f79ce92a6db22e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cb7495fe957526555782ce0723f79ce92a6db22e"
},
{
"url": "https://git.kernel.org/stable/c/044bc6d3c2c0e9090b0841e7b723875756534b45",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/044bc6d3c2c0e9090b0841e7b723875756534b45"
},
{
"url": "https://git.kernel.org/stable/c/2f6e2de3a5289004650118b61f138fe7c28e1905",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2f6e2de3a5289004650118b61f138fe7c28e1905"
},
{
"url": "https://git.kernel.org/stable/c/fd879c83e87735ab8f00ef7755752cf0cbae24b2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd879c83e87735ab8f00ef7755752cf0cbae24b2"
},
{
"url": "https://git.kernel.org/stable/c/51884d153f7ec85e18d607b2467820a90e0f4359",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/51884d153f7ec85e18d607b2467820a90e0f4359"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

148
2022/49xxx/CVE-2022-49771.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm ioctl: fix misbehavior if list_versions races with module loading\n\n__list_versions will first estimate the required space using the\n\"dm_target_iterate(list_version_get_needed, &needed)\" call and then will\nfill the space using the \"dm_target_iterate(list_version_get_info,\n&iter_info)\" call. Each of these calls locks the targets using the\n\"down_read(&_lock)\" and \"up_read(&_lock)\" calls, however between the first\nand second \"dm_target_iterate\" there is no lock held and the target\nmodules can be loaded at this point, so the second \"dm_target_iterate\"\ncall may need more space than what was the first \"dm_target_iterate\"\nreturned.\n\nThe code tries to handle this overflow (see the beginning of\nlist_version_get_info), however this handling is incorrect.\n\nThe code sets \"param->data_size = param->data_start + needed\" and\n\"iter_info.end = (char *)vers+len\" - \"needed\" is the size returned by the\nfirst dm_target_iterate call; \"len\" is the size of the buffer allocated by\nuserspace.\n\n\"len\" may be greater than \"needed\"; in this case, the code will write up\nto \"len\" bytes into the buffer, however param->data_size is set to\n\"needed\", so it may write data past the param->data_size value. The ioctl\ninterface copies only up to param->data_size into userspace, thus part of\nthe result will be truncated.\n\nFix this bug by setting \"iter_info.end = (char *)vers + needed;\" - this\nguarantees that the second \"dm_target_iterate\" call will write only up to\nthe \"needed\" buffer and it will exit with \"DM_BUFFER_FULL_FLAG\" if it\noverflows the \"needed\" space - in this case, userspace will allocate a\nlarger buffer and retry.\n\nNote that there is also a bug in list_version_get_needed - we need to add\n\"strlen(tt->name) + 1\" to the needed size, not \"strlen(tt->name)\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "0c8d4112df329bf3dfbf27693f918c3b08676538"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0c8d4112df329bf3dfbf27693f918c3b08676538",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0c8d4112df329bf3dfbf27693f918c3b08676538"
},
{
"url": "https://git.kernel.org/stable/c/6a818db0d5aecf80d4ba9e10ac153f60adc629ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6a818db0d5aecf80d4ba9e10ac153f60adc629ca"
},
{
"url": "https://git.kernel.org/stable/c/3a1c35d72dc0b34d1e746ed705790c0f630aa427",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3a1c35d72dc0b34d1e746ed705790c0f630aa427"
},
{
"url": "https://git.kernel.org/stable/c/b545c0e1e4094d4de2bdfe9a3823f9154b0c0005",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b545c0e1e4094d4de2bdfe9a3823f9154b0c0005"
},
{
"url": "https://git.kernel.org/stable/c/f59f5a269ca5e43c567aca7f1f52500a0186e9b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f59f5a269ca5e43c567aca7f1f52500a0186e9b7"
},
{
"url": "https://git.kernel.org/stable/c/6ffce7a92ef5c68f7e5d6f4d722c2f96280c064b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6ffce7a92ef5c68f7e5d6f4d722c2f96280c064b"
},
{
"url": "https://git.kernel.org/stable/c/5398b8e275bf81a2517b327d216c0f37ac9ac5ae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5398b8e275bf81a2517b327d216c0f37ac9ac5ae"
},
{
"url": "https://git.kernel.org/stable/c/4fe1ec995483737f3d2a14c3fe1d8fe634972979",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4fe1ec995483737f3d2a14c3fe1d8fe634972979"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

148
2022/49xxx/CVE-2022-49772.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()\n\nsnd_usbmidi_output_open() has a check of the NULL port with\nsnd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened,\nbut in reality, the NULL port may be seen when the device gives an\ninvalid endpoint setup at the descriptor, hence the driver skips the\nallocation. That is, the check itself is valid and snd_BUG_ON()\nshould be dropped from there. Otherwise it's confusing as if it were\na real bug, as recently syzbot stumbled on it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "872c9314769e89d8bda74ff3ac584756a45ee752"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/872c9314769e89d8bda74ff3ac584756a45ee752",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/872c9314769e89d8bda74ff3ac584756a45ee752"
},
{
"url": "https://git.kernel.org/stable/c/368a01e5064c13946d032ab1d65ba95020a39cc5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/368a01e5064c13946d032ab1d65ba95020a39cc5"
},
{
"url": "https://git.kernel.org/stable/c/c43991065f36f7628cd124e037b8750c4617a7a7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c43991065f36f7628cd124e037b8750c4617a7a7"
},
{
"url": "https://git.kernel.org/stable/c/e7dc436aea80308a9268e6d2d85f910ff107de9b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e7dc436aea80308a9268e6d2d85f910ff107de9b"
},
{
"url": "https://git.kernel.org/stable/c/a80369c8ca50bc885d14386087a834659ec54a54",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a80369c8ca50bc885d14386087a834659ec54a54"
},
{
"url": "https://git.kernel.org/stable/c/02b94885b2fdf1808b1874e009bfb90753f8f4db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/02b94885b2fdf1808b1874e009bfb90753f8f4db"
},
{
"url": "https://git.kernel.org/stable/c/00f5f1bbf815a39e9eecb468d12ca55d3360eb10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/00f5f1bbf815a39e9eecb468d12ca55d3360eb10"
},
{
"url": "https://git.kernel.org/stable/c/ad72c3c3f6eb81d2cb189ec71e888316adada5df",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad72c3c3f6eb81d2cb189ec71e888316adada5df"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

82
2022/49xxx/CVE-2022-49773.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix optc2_configure warning on dcn314\n\n[Why]\ndcn314 uses optc2_configure_crc() that wraps\noptc1_configure_crc() + set additional registers\nnot applicable to dcn314.\nIt's not critical but when used leads to warning like:\nWARNING: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c\nCall Trace:\n<TASK>\ngeneric_reg_set_ex+0x6d/0xe0 [amdgpu]\noptc2_configure_crc+0x60/0x80 [amdgpu]\ndc_stream_configure_crc+0x129/0x150 [amdgpu]\namdgpu_dm_crtc_configure_crc_source+0x5d/0xe0 [amdgpu]\n\n[How]\nUse optc1_configure_crc() directly"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "f67ef5aa88e3db0a13ae3befab2ddf14ac00a91c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f67ef5aa88e3db0a13ae3befab2ddf14ac00a91c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f67ef5aa88e3db0a13ae3befab2ddf14ac00a91c"
},
{
"url": "https://git.kernel.org/stable/c/e7e4f77c991c9abf90924929a9d55f90b0bb78de",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e7e4f77c991c9abf90924929a9d55f90b0bb78de"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49774.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()\n\nShould not call eventfd_ctx_put() in case of error.\n\n[Introduce new goto target instead. - Paolo]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2fd6df2f2b47d4301b1ee0fe9d627d1c061a5988",
"version_value": "d76f46f47dfde220712d1420ee5dbc546c8fc674"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d76f46f47dfde220712d1420ee5dbc546c8fc674",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d76f46f47dfde220712d1420ee5dbc546c8fc674"
},
{
"url": "https://git.kernel.org/stable/c/7353633814f6e5b4899fb9ee1483709d6bb0e1cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7353633814f6e5b4899fb9ee1483709d6bb0e1cd"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49775.json
View File

@ -1,18 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: cdg: allow tcp_cdg_release() to be called multiple times\n\nApparently, mptcp is able to call tcp_disconnect() on an already\ndisconnected flow. This is generally fine, unless current congestion\ncontrol is CDG, because it might trigger a double-free [1]\n\nInstead of fixing MPTCP, and future bugs, we can make tcp_disconnect()\nmore resilient.\n\n[1]\nBUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline]\nBUG: KASAN: double-free in kfree+0xe2/0x580 mm/slub.c:4567\n\nCPU: 0 PID: 3645 Comm: kworker/0:7 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: events mptcp_worker\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x719 mm/kasan/report.c:433\nkasan_report_invalid_free+0x81/0x190 mm/kasan/report.c:462\n____kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:356\nkasan_slab_free include/linux/kasan.h:200 [inline]\nslab_free_hook mm/slub.c:1759 [inline]\nslab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785\nslab_free mm/slub.c:3539 [inline]\nkfree+0xe2/0x580 mm/slub.c:4567\ntcp_disconnect+0x980/0x1e20 net/ipv4/tcp.c:3145\n__mptcp_close_ssk+0x5ca/0x7e0 net/mptcp/protocol.c:2327\nmptcp_do_fastclose net/mptcp/protocol.c:2592 [inline]\nmptcp_worker+0x78c/0xff0 net/mptcp/protocol.c:2627\nprocess_one_work+0x991/0x1610 kernel/workqueue.c:2289\nworker_thread+0x665/0x1080 kernel/workqueue.c:2436\nkthread+0x2e4/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n</TASK>\n\nAllocated by task 3671:\nkasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\nkasan_set_track mm/kasan/common.c:45 [inline]\nset_alloc_info mm/kasan/common.c:437 [inline]\n____kasan_kmalloc mm/kasan/common.c:516 [inline]\n____kasan_kmalloc mm/kasan/common.c:475 [inline]\n__kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525\nkmalloc_array include/linux/slab.h:640 [inline]\nkcalloc include/linux/slab.h:671 [inline]\ntcp_cdg_init+0x10d/0x170 net/ipv4/tcp_cdg.c:380\ntcp_init_congestion_control+0xab/0x550 net/ipv4/tcp_cong.c:193\ntcp_reinit_congestion_control net/ipv4/tcp_cong.c:217 [inline]\ntcp_set_congestion_control+0x96c/0xaa0 net/ipv4/tcp_cong.c:391\ndo_tcp_setsockopt+0x505/0x2320 net/ipv4/tcp.c:3513\ntcp_setsockopt+0xd4/0x100 net/ipv4/tcp.c:3801\nmptcp_setsockopt+0x35f/0x2570 net/mptcp/sockopt.c:844\n__sys_setsockopt+0x2d6/0x690 net/socket.c:2252\n__do_sys_setsockopt net/socket.c:2263 [inline]\n__se_sys_setsockopt net/socket.c:2260 [inline]\n__x64_sys_setsockopt+0xba/0x150 net/socket.c:2260\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 16:\nkasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\nkasan_set_track+0x21/0x30 mm/kasan/common.c:45\nkasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370\n____kasan_slab_free mm/kasan/common.c:367 [inline]\n____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329\nkasan_slab_free include/linux/kasan.h:200 [inline]\nslab_free_hook mm/slub.c:1759 [inline]\nslab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785\nslab_free mm/slub.c:3539 [inline]\nkfree+0xe2/0x580 mm/slub.c:4567\ntcp_cleanup_congestion_control+0x70/0x120 net/ipv4/tcp_cong.c:226\ntcp_v4_destroy_sock+0xdd/0x750 net/ipv4/tcp_ipv4.c:2254\ntcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1969\ninet_csk_destroy_sock+0x196/0x440 net/ipv4/inet_connection_sock.c:1157\ntcp_done+0x23b/0x340 net/ipv4/tcp.c:4649\ntcp_rcv_state_process+0x40e7/0x4990 net/ipv4/tcp_input.c:6624\ntcp_v6_do_rcv+0x3fc/0x13c0 net/ipv6/tcp_ipv6.c:1525\ntcp_v6_rcv+0x2e8e/0x3830 net/ipv6/tcp_ipv6.c:1759\nip6_protocol_deliver_rcu+0x2db/0x1950 net/ipv6/ip6_input.c:439\nip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484\nNF_HOOK include/linux/netfilter.h:302 [inline]\nNF_HOOK include/linux/netfilter.h:296 [inline]\nip6_input+0x9c/0xd\n---truncated---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2b0a8c9eee81882fc0001ccf6d9af62cdc682f9e",
"version_value": "0b19171439016a8e4c97eafe543670ac86e2b8fe"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0b19171439016a8e4c97eafe543670ac86e2b8fe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b19171439016a8e4c97eafe543670ac86e2b8fe"
},
{
"url": "https://git.kernel.org/stable/c/4026033907cc6186d86b48daa4a252c860db2536",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4026033907cc6186d86b48daa4a252c860db2536"
},
{
"url": "https://git.kernel.org/stable/c/9e481d87349d2282f400ee1d010a169c99f766b8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9e481d87349d2282f400ee1d010a169c99f766b8"
},
{
"url": "https://git.kernel.org/stable/c/78be2ee0112409ae4e9ee9e326151e0559b3d239",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/78be2ee0112409ae4e9ee9e326151e0559b3d239"
},
{
"url": "https://git.kernel.org/stable/c/35309be06b6feded2ab2cafbc2bca8534c2fa41e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35309be06b6feded2ab2cafbc2bca8534c2fa41e"
},
{
"url": "https://git.kernel.org/stable/c/b49026d9c86f35a4c5bfb8d7345c9c4379828c6b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b49026d9c86f35a4c5bfb8d7345c9c4379828c6b"
},
{
"url": "https://git.kernel.org/stable/c/1b639be27cbf428a5ca01dcf8b5d654194c956f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b639be27cbf428a5ca01dcf8b5d654194c956f8"
},
{
"url": "https://git.kernel.org/stable/c/72e560cb8c6f80fc2b4afc5d3634a32465e13a51",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72e560cb8c6f80fc2b4afc5d3634a32465e13a51"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

147
2022/49xxx/CVE-2022-49776.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: enforce a consistent minimal mtu\n\nmacvlan should enforce a minimal mtu of 68, even at link creation.\n\nThis patch avoids the current behavior (which could lead to crashes\nin ipv6 stack if the link is brought up)\n\n$ ip link add macvlan1 link eno1 mtu 8 type macvlan # This should fail !\n$ ip link sh dev macvlan1\n5: macvlan1@eno1: <BROADCAST,MULTICAST> mtu 8 qdisc noop\n state DOWN mode DEFAULT group default qlen 1000\n link/ether 02:47:6c:24:74:82 brd ff:ff:ff:ff:ff:ff\n$ ip link set macvlan1 mtu 67\nError: mtu less than device minimum.\n$ ip link set macvlan1 mtu 68\n$ ip link set macvlan1 mtu 8\nError: mtu less than device minimum."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "91572088e3fdbf4fe31cf397926d8b890fdb3237",
"version_value": "d2fee7d121d189c6dc905b727d60e7043a6655bb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d2fee7d121d189c6dc905b727d60e7043a6655bb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d2fee7d121d189c6dc905b727d60e7043a6655bb"
},
{
"url": "https://git.kernel.org/stable/c/650137a7c0b2892df2e5b0bc112d7b09a78c93c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/650137a7c0b2892df2e5b0bc112d7b09a78c93c8"
},
{
"url": "https://git.kernel.org/stable/c/a62aa84fe19eb24d083d600a074c009a0a66d4f3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a62aa84fe19eb24d083d600a074c009a0a66d4f3"
},
{
"url": "https://git.kernel.org/stable/c/e929ec98c0c3b10d9c07f3776df0c1a02d7a763e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e929ec98c0c3b10d9c07f3776df0c1a02d7a763e"
},
{
"url": "https://git.kernel.org/stable/c/e41cbf98df22d08402e65174d147cbb187fe1a33",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e41cbf98df22d08402e65174d147cbb187fe1a33"
},
{
"url": "https://git.kernel.org/stable/c/2b055c719d8f94c15ec9b7659978133030c6a353",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2b055c719d8f94c15ec9b7659978133030c6a353"
},
{
"url": "https://git.kernel.org/stable/c/b64085b00044bdf3cd1c9825e9ef5b2e0feae91a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b64085b00044bdf3cd1c9825e9ef5b2e0feae91a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

156
2022/49xxx/CVE-2022-49777.json
View File

@ -1,18 +1,166 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: i8042 - fix leaking of platform device on module removal\n\nAvoid resetting the module-wide i8042_platform_device pointer in\ni8042_probe() or i8042_remove(), so that the device can be properly\ndestroyed by i8042_exit() on module unload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "68fdb0499653a2519691e645fcb72944f6e1e220",
"version_value": "81df118e79b2136b5c016394f67a051dc508b7b6"
},
{
"version_affected": "<",
"version_name": "f93d5dca7d84a4c725acf87db74b12c5686bd83e",
"version_value": "4f348b60c79671eee33c1389efe89109c93047da"
},
{
"version_affected": "<",
"version_name": "bb672eff7447f8a26c8a66ddee613afd279bd760",
"version_value": "3f25add5ecf88de0f8ff2b27b6c0731a1f1b38ed"
},
{
"version_affected": "<",
"version_name": "dd33054e4c18a54645072c7a62d46cdf6d05dace",
"version_value": "d5f7f6e63fed9c2ed09725d90059a28907e197e3"
},
{
"version_affected": "<",
"version_name": "9222ba68c3f4065f6364b99cc641b6b019ef2d42",
"version_value": "a32cd7feb0127bf629a82686b6e2c128139a86e5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.16",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/81df118e79b2136b5c016394f67a051dc508b7b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/81df118e79b2136b5c016394f67a051dc508b7b6"
},
{
"url": "https://git.kernel.org/stable/c/4f348b60c79671eee33c1389efe89109c93047da",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4f348b60c79671eee33c1389efe89109c93047da"
},
{
"url": "https://git.kernel.org/stable/c/3f25add5ecf88de0f8ff2b27b6c0731a1f1b38ed",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f25add5ecf88de0f8ff2b27b6c0731a1f1b38ed"
},
{
"url": "https://git.kernel.org/stable/c/d5f7f6e63fed9c2ed09725d90059a28907e197e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d5f7f6e63fed9c2ed09725d90059a28907e197e3"
},
{
"url": "https://git.kernel.org/stable/c/a32cd7feb0127bf629a82686b6e2c128139a86e5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a32cd7feb0127bf629a82686b6e2c128139a86e5"
},
{
"url": "https://git.kernel.org/stable/c/81cd7e8489278d28794e7b272950c3e00c344e44",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/81cd7e8489278d28794e7b272950c3e00c344e44"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49778.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/mm: fix incorrect file_map_count for non-leaf pmd/pud\n\nThe page table check trigger BUG_ON() unexpectedly when collapse hugepage:\n\n ------------[ cut here ]------------\n kernel BUG at mm/page_table_check.c:82!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n Dumping ftrace buffer:\n (ftrace buffer empty)\n Modules linked in:\n CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750\n Hardware name: linux,dummy-virt (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : page_table_check_clear.isra.0+0x258/0x3f0\n lr : page_table_check_clear.isra.0+0x240/0x3f0\n[...]\n Call trace:\n page_table_check_clear.isra.0+0x258/0x3f0\n __page_table_check_pmd_clear+0xbc/0x108\n pmdp_collapse_flush+0xb0/0x160\n collapse_huge_page+0xa08/0x1080\n hpage_collapse_scan_pmd+0xf30/0x1590\n khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8\n khugepaged+0x338/0x518\n kthread+0x278/0x2f8\n ret_from_fork+0x10/0x20\n[...]\n\nSince pmd_user_accessible_page() doesn't check if a pmd is leaf, it\ndecrease file_map_count for a non-leaf pmd comes from collapse_huge_page().\nand so trigger BUG_ON() unexpectedly.\n\nFix this problem by using pmd_leaf() insteal of pmd_present() in\npmd_user_accessible_page(). Moreover, use pud_leaf() for\npud_user_accessible_page() too."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "42b2547137f5c974bb1bfd657c869fe96b96d86f",
"version_value": "2d458046df634088611d44fd77f45465e833ef78"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2d458046df634088611d44fd77f45465e833ef78",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2d458046df634088611d44fd77f45465e833ef78"
},
{
"url": "https://git.kernel.org/stable/c/5b47348fc0b18a78c96f8474cc90b7525ad1bbfe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5b47348fc0b18a78c96f8474cc90b7525ad1bbfe"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2022/49xxx/CVE-2022-49779.json
View File

@ -1,18 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case\n\nIn __unregister_kprobe_top(), if the currently unregistered probe has\npost_handler but other child probes of the aggrprobe do not have\npost_handler, the post_handler of the aggrprobe is cleared. If this is\na ftrace-based probe, there is a problem. In later calls to\ndisarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is\nNULL. But we're armed with kprobe_ipmodify_ops. This triggers a WARN in\n__disarm_kprobe_ftrace() and may even cause use-after-free:\n\n Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2)\n WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0\n Modules linked in: testKprobe_007(-)\n CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18\n [...]\n Call Trace:\n <TASK>\n __disable_kprobe+0xcd/0xe0\n __unregister_kprobe_top+0x12/0x150\n ? mutex_lock+0xe/0x30\n unregister_kprobes.part.23+0x31/0xa0\n unregister_kprobe+0x32/0x40\n __x64_sys_delete_module+0x15e/0x260\n ? do_user_addr_fault+0x2cd/0x6b0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n\nFor the kprobe-on-ftrace case, we keep the post_handler setting to\nidentify this aggrprobe armed with kprobe_ipmodify_ops. This way we\ncan disarm it correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0bc11ed5ab60c135aa764a62c02cd5ea68289de4",
"version_value": "7b0007b28dd970176f2e297c06ae63eea2447127"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7b0007b28dd970176f2e297c06ae63eea2447127",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7b0007b28dd970176f2e297c06ae63eea2447127"
},
{
"url": "https://git.kernel.org/stable/c/7d606ae1abcc3eab5408e42444d789dc7def51b8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7d606ae1abcc3eab5408e42444d789dc7def51b8"
},
{
"url": "https://git.kernel.org/stable/c/c49cc2c059b503e962c2f13a806c105f9b757df4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c49cc2c059b503e962c2f13a806c105f9b757df4"
},
{
"url": "https://git.kernel.org/stable/c/55788ebbe8b365b4375bd56b4ba7db79d393a370",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/55788ebbe8b365b4375bd56b4ba7db79d393a370"
},
{
"url": "https://git.kernel.org/stable/c/5dd7caf0bdc5d0bae7cf9776b4d739fb09bd5ebb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5dd7caf0bdc5d0bae7cf9776b4d739fb09bd5ebb"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

136
2022/49xxx/CVE-2022-49780.json
View File

@ -1,18 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()\n\nIf device_register() fails in tcm_loop_setup_hba_bus(), the name allocated\nby dev_set_name() need be freed. As comment of device_register() says, it\nshould use put_device() to give up the reference in the error path. So fix\nthis by calling put_device(), then the name can be freed in kobject_cleanup().\nThe 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need\ngoto error label in this case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3703b2c5d041a68095cdd22380c23ce27d449ad7",
"version_value": "41a6b8b527a5957fab41c3c05e25ad125268e2e9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.39",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.39",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/41a6b8b527a5957fab41c3c05e25ad125268e2e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/41a6b8b527a5957fab41c3c05e25ad125268e2e9"
},
{
"url": "https://git.kernel.org/stable/c/28f7ff5e7559d226e63c7c5de74eb075a83d8c53",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28f7ff5e7559d226e63c7c5de74eb075a83d8c53"
},
{
"url": "https://git.kernel.org/stable/c/75205f1b47a88c3fac4f30bd7567e89b2887c7fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/75205f1b47a88c3fac4f30bd7567e89b2887c7fd"
},
{
"url": "https://git.kernel.org/stable/c/a636772988bafab89278e7bb3420d8e8eacfe912",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a636772988bafab89278e7bb3420d8e8eacfe912"
},
{
"url": "https://git.kernel.org/stable/c/dce0589a3faec9e2e543e97bca7e62592ec85585",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dce0589a3faec9e2e543e97bca7e62592ec85585"
},
{
"url": "https://git.kernel.org/stable/c/bc68e428d4963af0201e92159629ab96948f0893",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bc68e428d4963af0201e92159629ab96948f0893"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49781.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling\n\namd_pmu_enable_all() does:\n\n if (!test_bit(idx, cpuc->active_mask))\n continue;\n\n amd_pmu_enable_event(cpuc->events[idx]);\n\nA perf NMI of another event can come between these two steps. Perf NMI\nhandler internally disables and enables _all_ events, including the one\nwhich nmi-intercepted amd_pmu_enable_all() was in process of enabling.\nIf that unintentionally enabled event has very low sampling period and\ncauses immediate successive NMI, causing the event to be throttled,\ncpuc->events[idx] and cpuc->active_mask gets cleared by x86_pmu_stop().\nThis will result in amd_pmu_enable_event() getting called with event=NULL\nwhen amd_pmu_enable_all() resumes after handling the NMIs. This causes a\nkernel crash:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000198\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n [...]\n Call Trace:\n <TASK>\n amd_pmu_enable_all+0x68/0xb0\n ctx_resched+0xd9/0x150\n event_function+0xb8/0x130\n ? hrtimer_start_range_ns+0x141/0x4a0\n ? perf_duration_warn+0x30/0x30\n remote_function+0x4d/0x60\n __flush_smp_call_function_queue+0xc4/0x500\n flush_smp_call_function_queue+0x11d/0x1b0\n do_idle+0x18f/0x2d0\n cpu_startup_entry+0x19/0x20\n start_secondary+0x121/0x160\n secondary_startup_64_no_verify+0xe5/0xeb\n </TASK>\n\namd_pmu_disable_all()/amd_pmu_enable_all() calls inside perf NMI handler\nwere recently added as part of BRS enablement but I'm not sure whether\nwe really need them. We can just disable BRS in the beginning and enable\nit back while returning from NMI. This will solve the issue by not\nenabling those events whose active_masks are set but are not yet enabled\nin hw pmu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ada543459cab7f653dcacdaba4011a8bb19c627c",
"version_value": "fd5e454b856ed86b090336e269695d9908609b71"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fd5e454b856ed86b090336e269695d9908609b71",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fd5e454b856ed86b090336e269695d9908609b71"
},
{
"url": "https://git.kernel.org/stable/c/baa014b9543c8e5e94f5d15b66abfe60750b8284",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/baa014b9543c8e5e94f5d15b66abfe60750b8284"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

87
2022/49xxx/CVE-2022-49782.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Improve missing SIGTRAP checking\n\nTo catch missing SIGTRAP we employ a WARN in __perf_event_overflow(),\nwhich fires if pending_sigtrap was already set: returning to user space\nwithout consuming pending_sigtrap, and then having the event fire again\nwould re-enter the kernel and trigger the WARN.\n\nThis, however, seemed to miss the case where some events not associated\nwith progress in the user space task can fire and the interrupt handler\nruns before the IRQ work meant to consume pending_sigtrap (and generate\nthe SIGTRAP).\n\nsyzbot gifted us this stack trace:\n\n | WARNING: CPU: 0 PID: 3607 at kernel/events/core.c:9313 __perf_event_overflow\n | Modules linked in:\n | CPU: 0 PID: 3607 Comm: syz-executor100 Not tainted 6.1.0-rc2-syzkaller-00073-g88619e77b33d #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022\n | RIP: 0010:__perf_event_overflow+0x498/0x540 kernel/events/core.c:9313\n | <...>\n | Call Trace:\n | <TASK>\n | perf_swevent_hrtimer+0x34f/0x3c0 kernel/events/core.c:10729\n | __run_hrtimer kernel/time/hrtimer.c:1685 [inline]\n | __hrtimer_run_queues+0x1c6/0xfb0 kernel/time/hrtimer.c:1749\n | hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811\n | local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1096 [inline]\n | __sysvec_apic_timer_interrupt+0x17c/0x640 arch/x86/kernel/apic/apic.c:1113\n | sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1107\n | asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649\n | <...>\n | </TASK>\n\nIn this case, syzbot produced a program with event type\nPERF_TYPE_SOFTWARE and config PERF_COUNT_SW_CPU_CLOCK. The hrtimer\nmanages to fire again before the IRQ work got a chance to run, all while\nnever having returned to user space.\n\nImprove the WARN to check for real progress in user space: approximate\nthis by storing a 32-bit hash of the current IP into pending_sigtrap,\nand if an event fires while pending_sigtrap still matches the previous\nIP, we assume no progress (false negatives are possible given we could\nreturn to user space and trigger again on the same IP)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ca7b0a10287e2733bdafb01ef0d4038536625fe3",
"version_value": "35c60b4e8ca76712dd03bafe2598e31578248916"
},
{
"version_affected": "<",
"version_name": "078c12ccf1fb943cc18c84894c76113dc89e5975",
"version_value": "b09221f1b4944d2866d06ac35e59d7a6f8916c9f"
},
{
"version_affected": "<",
"version_name": "ca6c21327c6af02b7eec31ce4b9a740a18c6c13f",
"version_value": "bb88f9695460bec25aa30ba9072595025cf6c8af"
},
{
"version_affected": "<",
"version_name": "5.15.77",
"version_value": "5.15.80"
},
{
"version_affected": "<",
"version_name": "6.0.7",
"version_value": "6.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/35c60b4e8ca76712dd03bafe2598e31578248916",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/35c60b4e8ca76712dd03bafe2598e31578248916"
},
{
"url": "https://git.kernel.org/stable/c/b09221f1b4944d2866d06ac35e59d7a6f8916c9f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b09221f1b4944d2866d06ac35e59d7a6f8916c9f"
},
{
"url": "https://git.kernel.org/stable/c/bb88f9695460bec25aa30ba9072595025cf6c8af",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bb88f9695460bec25aa30ba9072595025cf6c8af"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49870.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49870",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix undefined behavior in bit shift for CAP_TO_MASK\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in security/commoncap.c:1252:2\nleft shift of 1 by 31 places cannot be represented in type 'int'\nCall Trace:\n <TASK>\n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n cap_task_prctl+0x561/0x6f0\n security_task_prctl+0x5a/0xb0\n __x64_sys_prctl+0x61/0x8f0\n do_syscall_64+0x58/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n </TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e338d263a76af78fe8f38a72131188b58fceb591",
"version_value": "5b79fa628e2ab789e629a83cd211ef9b4c1a593e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.25",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.25",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5b79fa628e2ab789e629a83cd211ef9b4c1a593e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5b79fa628e2ab789e629a83cd211ef9b4c1a593e"
},
{
"url": "https://git.kernel.org/stable/c/65b0bc7a0690861812ade523d19f82688ab819dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/65b0bc7a0690861812ade523d19f82688ab819dc"
},
{
"url": "https://git.kernel.org/stable/c/dbaab08c8677d598244d21afb7818e44e1c5d826",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dbaab08c8677d598244d21afb7818e44e1c5d826"
},
{
"url": "https://git.kernel.org/stable/c/5661f111a1616ac105ec8cec81bff99b60f847ac",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5661f111a1616ac105ec8cec81bff99b60f847ac"
},
{
"url": "https://git.kernel.org/stable/c/fcbd2b336834bd24e1d9454ad5737856470c10d7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fcbd2b336834bd24e1d9454ad5737856470c10d7"
},
{
"url": "https://git.kernel.org/stable/c/151dc8087b5609e53b069c068e3f3ee100efa586",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/151dc8087b5609e53b069c068e3f3ee100efa586"
},
{
"url": "https://git.kernel.org/stable/c/27bdb134c043ff32c459d98f16550d0ffa0b3c34",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27bdb134c043ff32c459d98f16550d0ffa0b3c34"
},
{
"url": "https://git.kernel.org/stable/c/46653972e3ea64f79e7f8ae3aa41a4d3fdb70a13",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/46653972e3ea64f79e7f8ae3aa41a4d3fdb70a13"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

136
2022/49xxx/CVE-2022-49871.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49871",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix memory leaks of napi_get_frags\n\nkmemleak reports after running test_progs:\n\nunreferenced object 0xffff8881b1672dc0 (size 232):\n comm \"test_progs\", pid 394388, jiffies 4354712116 (age 841.975s)\n hex dump (first 32 bytes):\n e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g.....\n 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@..............\n backtrace:\n [<00000000c8f01748>] napi_skb_cache_get+0xd4/0x150\n [<0000000041c7fc09>] __napi_build_skb+0x15/0x50\n [<00000000431c7079>] __napi_alloc_skb+0x26e/0x540\n [<000000003ecfa30e>] napi_get_frags+0x59/0x140\n [<0000000099b2199e>] tun_get_user+0x183d/0x3bb0 [tun]\n [<000000008a5adef0>] tun_chr_write_iter+0xc0/0x1b1 [tun]\n [<0000000049993ff4>] do_iter_readv_writev+0x19f/0x320\n [<000000008f338ea2>] do_iter_write+0x135/0x630\n [<000000008a3377a4>] vfs_writev+0x12e/0x440\n [<00000000a6b5639a>] do_writev+0x104/0x280\n [<00000000ccf065d8>] do_syscall_64+0x3b/0x90\n [<00000000d776e329>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe issue occurs in the following scenarios:\ntun_get_user()\n napi_gro_frags()\n napi_frags_finish()\n case GRO_NORMAL:\n gro_normal_one()\n list_add_tail(&skb->list, &napi->rx_list);\n <-- While napi->rx_count < READ_ONCE(gro_normal_batch),\n <-- gro_normal_list() is not called, napi->rx_list is not empty\n <-- not ask to complete the gro work, will cause memory leaks in\n <-- following tun_napi_del()\n...\ntun_napi_del()\n netif_napi_del()\n __netif_napi_del()\n <-- &napi->rx_list is not empty, which caused memory leaks\n\nTo fix, add napi_complete() after napi_gro_frags()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "90e33d45940793def6f773b2d528e9f3c84ffdc7",
"version_value": "223ef6a94e52331a6a7ef31e59921e0e82d2d40a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/223ef6a94e52331a6a7ef31e59921e0e82d2d40a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/223ef6a94e52331a6a7ef31e59921e0e82d2d40a"
},
{
"url": "https://git.kernel.org/stable/c/a4f73f6adc53fd7a3f9771cbc89a03ef39b0b755",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a4f73f6adc53fd7a3f9771cbc89a03ef39b0b755"
},
{
"url": "https://git.kernel.org/stable/c/3401f964028ac941425b9b2c8ff8a022539ef44a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3401f964028ac941425b9b2c8ff8a022539ef44a"
},
{
"url": "https://git.kernel.org/stable/c/d7569302a7a52a9305d2fb054df908ff985553bb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d7569302a7a52a9305d2fb054df908ff985553bb"
},
{
"url": "https://git.kernel.org/stable/c/8b12a020b20a78f62bedc50f26db3bf4fadf8cb9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8b12a020b20a78f62bedc50f26db3bf4fadf8cb9"
},
{
"url": "https://git.kernel.org/stable/c/1118b2049d77ca0b505775fc1a8d1909cf19a7ec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1118b2049d77ca0b505775fc1a8d1909cf19a7ec"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

173
2022/49xxx/CVE-2022-49872.json
View File

@ -1,183 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49872",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: fix panic on frag_list with mixed head alloc types\n\nSince commit 3dcbdb134f32 (\"net: gso: Fix skb_segment splat when\nsplitting gso_size mangled skb having linear-headed frag_list\"), it is\nallowed to change gso_size of a GRO packet. However, that commit assumes\nthat \"checking the first list_skb member suffices; i.e if either of the\nlist_skb members have non head_frag head, then the first one has too\".\n\nIt turns out this assumption does not hold. We've seen BUG_ON being hit\nin skb_segment when skbs on the frag_list had differing head_frag with\nthe vmxnet3 driver. This happens because __netdev_alloc_skb and\n__napi_alloc_skb can return a skb that is page backed or kmalloced\ndepending on the requested size. As the result, the last small skb in\nthe GRO packet can be kmalloced.\n\nThere are three different locations where this can be fixed:\n\n(1) We could check head_frag in GRO and not allow GROing skbs with\n different head_frag. However, that would lead to performance\n regression on normal forward paths with unmodified gso_size, where\n !head_frag in the last packet is not a problem.\n\n(2) Set a flag in bpf_skb_net_grow and bpf_skb_net_shrink indicating\n that NETIF_F_SG is undesirable. That would need to eat a bit in\n sk_buff. Furthermore, that flag can be unset when all skbs on the\n frag_list are page backed. To retain good performance,\n bpf_skb_net_grow/shrink would have to walk the frag_list.\n\n(3) Walk the frag_list in skb_segment when determining whether\n NETIF_F_SG should be cleared. This of course slows things down.\n\nThis patch implements (3). To limit the performance impact in\nskb_segment, the list is walked only for skbs with SKB_GSO_DODGY set\nthat have gso_size changed. Normal paths thus will not hit it.\n\nWe could check only the last skb but since we need to walk the whole\nlist anyway, let's stay on the safe side."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "162a5a8c3aff15c449e6b38355cdf80ab4f77a5a",
"version_value": "5876b7f249a1ecbbcc8e35072c3828d6526d1c3a"
},
{
"version_affected": "<",
"version_name": "55fb612bef7fd237fb70068e2b6ff1cd1543a8ef",
"version_value": "0a9f56e525ea871d3950b90076912f5c7494f00f"
},
{
"version_affected": "<",
"version_name": "821302dd0c51d29269ef73a595bdff294419e2cd",
"version_value": "bd5362e58721e4d0d1a37796593bd6e51536ce7a"
},
{
"version_affected": "<",
"version_name": "3dcbdb134f329842a38f0e6797191b885ab00a00",
"version_value": "65ad047fd83502447269fda8fd26c99077a9af47"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5876b7f249a1ecbbcc8e35072c3828d6526d1c3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5876b7f249a1ecbbcc8e35072c3828d6526d1c3a"
},
{
"url": "https://git.kernel.org/stable/c/0a9f56e525ea871d3950b90076912f5c7494f00f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a9f56e525ea871d3950b90076912f5c7494f00f"
},
{
"url": "https://git.kernel.org/stable/c/bd5362e58721e4d0d1a37796593bd6e51536ce7a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd5362e58721e4d0d1a37796593bd6e51536ce7a"
},
{
"url": "https://git.kernel.org/stable/c/65ad047fd83502447269fda8fd26c99077a9af47",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/65ad047fd83502447269fda8fd26c99077a9af47"
},
{
"url": "https://git.kernel.org/stable/c/50868de7dc4e7f0fcadd6029f32bf4387c102ee6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/50868de7dc4e7f0fcadd6029f32bf4387c102ee6"
},
{
"url": "https://git.kernel.org/stable/c/ad25a115f50800c6847e0d841c5c7992a9f7c1b3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ad25a115f50800c6847e0d841c5c7992a9f7c1b3"
},
{
"url": "https://git.kernel.org/stable/c/598d9e30927b15731e83797fbd700ecf399f42dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/598d9e30927b15731e83797fbd700ecf399f42dd"
},
{
"url": "https://git.kernel.org/stable/c/9e4b7a99a03aefd37ba7bb1f022c8efab5019165",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9e4b7a99a03aefd37ba7bb1f022c8efab5019165"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49873.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49873",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix wrong reg type conversion in release_reference()\n\nSome helper functions will allocate memory. To avoid memory leaks, the\nverifier requires the eBPF program to release these memories by calling\nthe corresponding helper functions.\n\nWhen a resource is released, all pointer registers corresponding to the\nresource should be invalidated. The verifier use release_references() to\ndo this job, by apply __mark_reg_unknown() to each relevant register.\n\nIt will give these registers the type of SCALAR_VALUE. A register that\nwill contain a pointer value at runtime, but of type SCALAR_VALUE, which\nmay allow the unprivileged user to get a kernel pointer by storing this\nregister into a map.\n\nUsing __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this\nproblem."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "fd978bf7fd312581a7ca454a991f0ffb34c4204b",
"version_value": "cedd4f01f67be94735f15123158f485028571037"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.20",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.20",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/cedd4f01f67be94735f15123158f485028571037",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cedd4f01f67be94735f15123158f485028571037"
},
{
"url": "https://git.kernel.org/stable/c/466ce46f251dfb259a8cbaa895ab9edd6fb56240",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/466ce46f251dfb259a8cbaa895ab9edd6fb56240"
},
{
"url": "https://git.kernel.org/stable/c/ae5ccad6c711db0f2ca1231be051935dd128b8f5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ae5ccad6c711db0f2ca1231be051935dd128b8f5"
},
{
"url": "https://git.kernel.org/stable/c/f1db20814af532f85e091231223e5e4818e8464b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f1db20814af532f85e091231223e5e4818e8464b"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49874.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49874",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: fix possible memory leak in mousevsc_probe()\n\nIf hid_add_device() returns error, it should call hid_destroy_device()\nto free hid_dev which is allocated in hid_allocate_device()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "74c4fb058083b47571a4f76dcfce95085f2d8098",
"version_value": "ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0"
},
{
"url": "https://git.kernel.org/stable/c/249b743801c00542e9324f87b380032e957a43e8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/249b743801c00542e9324f87b380032e957a43e8"
},
{
"url": "https://git.kernel.org/stable/c/a6d2fb1874c52ace1f5cf1966ee558829c5c19b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6d2fb1874c52ace1f5cf1966ee558829c5c19b6"
},
{
"url": "https://git.kernel.org/stable/c/e29289d0d8193fca6d2c1f0a1de75cfc80edec00",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e29289d0d8193fca6d2c1f0a1de75cfc80edec00"
},
{
"url": "https://git.kernel.org/stable/c/8597b59e3d22b27849bd3e4f92a3d466774bfb04",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8597b59e3d22b27849bd3e4f92a3d466774bfb04"
},
{
"url": "https://git.kernel.org/stable/c/5ad95d71344b7ffec360d62591633b3c465dc049",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ad95d71344b7ffec360d62591633b3c465dc049"
},
{
"url": "https://git.kernel.org/stable/c/5f3aba6566b866f5b0a4916f0b2e8a6ae66a6451",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5f3aba6566b866f5b0a4916f0b2e8a6ae66a6451"
},
{
"url": "https://git.kernel.org/stable/c/b5bcb94b0954a026bbd671741fdb00e7141f9c91",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b5bcb94b0954a026bbd671741fdb00e7141f9c91"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49875.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49875",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE\n\nWhen using bpftool to pin {PROG, MAP, LINK} without FILE,\nsegmentation fault will occur. The reson is that the lack\nof FILE will cause strlen to trigger NULL pointer dereference.\nThe corresponding stacktrace is shown below:\n\ndo_pin\n do_pin_any\n do_pin_fd\n mount_bpffs_for_pin\n strlen(name) <- NULL pointer dereference\n\nFix it by adding validation to the common process."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "75a1e792c335b5c6d7fdb1014da47aeb64c5944f",
"version_value": "8c80b2fca4112d724dde477aed13f7b0510a2792"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8c80b2fca4112d724dde477aed13f7b0510a2792",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8c80b2fca4112d724dde477aed13f7b0510a2792"
},
{
"url": "https://git.kernel.org/stable/c/6dcdd1b68b7f9333d48d48fc77b75e7f235f6a4a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6dcdd1b68b7f9333d48d48fc77b75e7f235f6a4a"
},
{
"url": "https://git.kernel.org/stable/c/da5161ba94c5e9182c301dd4f09c94f715c068bd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da5161ba94c5e9182c301dd4f09c94f715c068bd"
},
{
"url": "https://git.kernel.org/stable/c/34de8e6e0e1f66e431abf4123934a2581cb5f133",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/34de8e6e0e1f66e431abf4123934a2581cb5f133"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49876.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49876",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit()\n\nWhen device is running and the interface status is changed, the gpf issue\nis triggered. The problem triggering process is as follows:\nThread A: Thread B\nieee80211_runtime_change_iftype() process_one_work()\n ... ...\n ieee80211_do_stop() ...\n ... ...\n sdata->bss = NULL ...\n ... ieee80211_subif_start_xmit()\n ieee80211_multicast_to_unicast\n //!sdata->bss->multicast_to_unicast\n cause gpf issue\n\nWhen the interface status is changed, the sending queue continues to send\npackets. After the bss is set to NULL, the bss is accessed. As a result,\nthis causes a general-protection-fault issue.\n\nThe following is the stack information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc000000002f: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000178-0x000000000000017f]\nWorkqueue: mld mld_ifc_work\nRIP: 0010:ieee80211_subif_start_xmit+0x25b/0x1310\nCall Trace:\n<TASK>\ndev_hard_start_xmit+0x1be/0x990\n__dev_queue_xmit+0x2c9a/0x3b60\nip6_finish_output2+0xf92/0x1520\nip6_finish_output+0x6af/0x11e0\nip6_output+0x1ed/0x540\nmld_sendpack+0xa09/0xe70\nmld_ifc_work+0x71c/0xdb0\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n</TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f856373e2f31ffd340e47e2b00027bd4070f74b3",
"version_value": "03eb68c72cee249aeb7af7d04a83c033aca3d6d9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/03eb68c72cee249aeb7af7d04a83c033aca3d6d9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03eb68c72cee249aeb7af7d04a83c033aca3d6d9"
},
{
"url": "https://git.kernel.org/stable/c/780854186946e0de2be192ee7fa5125666533b3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/780854186946e0de2be192ee7fa5125666533b3a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

140
2022/49xxx/CVE-2022-49877.json
View File

@ -1,150 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49877",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues\n\nWhen running `test_sockmap` selftests, the following warning appears:\n\n WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0\n Call Trace:\n <TASK>\n inet_csk_destroy_sock+0x55/0x110\n tcp_rcv_state_process+0xd28/0x1380\n ? tcp_v4_do_rcv+0x77/0x2c0\n tcp_v4_do_rcv+0x77/0x2c0\n __release_sock+0x106/0x130\n __tcp_close+0x1a7/0x4e0\n tcp_close+0x20/0x70\n inet_release+0x3c/0x80\n __sock_release+0x3a/0xb0\n sock_close+0x14/0x20\n __fput+0xa3/0x260\n task_work_run+0x59/0xb0\n exit_to_user_mode_prepare+0x1b3/0x1c0\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root case is in commit 84472b436e76 (\"bpf, sockmap: Fix more uncharged\nwhile msg has more_data\"), where I used msg->sg.size to replace the tosend,\ncausing breakage:\n\n if (msg->apply_bytes && msg->apply_bytes < tosend)\n tosend = psock->apply_bytes;"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "244ce90c8d0bd10ebf957da02c6f3fcd5d920bdf",
"version_value": "d975bec1eaeb52341acc9273db79ddb078220399"
},
{
"version_affected": "<",
"version_name": "7b812a369e6416ab06d83cdd39d8e3f752781dd0",
"version_value": "cc21dc48a78cc9e5af9a4d039cd456446a6e73ff"
},
{
"version_affected": "<",
"version_name": "168ff181f5b6e7fce684c98a30d35da1dbf8f82a",
"version_value": "95adbd2ac8de82e43fd6b347e7e1b47f74dc1abb"
},
{
"version_affected": "<",
"version_name": "84472b436e760ba439e1969a9e3c5ae7c86de39d",
"version_value": "14e8bc3bf7bd6af64d7538a0684c8238d96cdfd7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.18",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d975bec1eaeb52341acc9273db79ddb078220399",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d975bec1eaeb52341acc9273db79ddb078220399"
},
{
"url": "https://git.kernel.org/stable/c/cc21dc48a78cc9e5af9a4d039cd456446a6e73ff",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cc21dc48a78cc9e5af9a4d039cd456446a6e73ff"
},
{
"url": "https://git.kernel.org/stable/c/95adbd2ac8de82e43fd6b347e7e1b47f74dc1abb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/95adbd2ac8de82e43fd6b347e7e1b47f74dc1abb"
},
{
"url": "https://git.kernel.org/stable/c/14e8bc3bf7bd6af64d7538a0684c8238d96cdfd7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/14e8bc3bf7bd6af64d7538a0684c8238d96cdfd7"
},
{
"url": "https://git.kernel.org/stable/c/8ec95b94716a1e4d126edc3fb2bc426a717e2dba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8ec95b94716a1e4d126edc3fb2bc426a717e2dba"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49878.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49878",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, verifier: Fix memory leak in array reallocation for stack state\n\nIf an error (NULL) is returned by krealloc(), callers of realloc_array()\nwere setting their allocation pointers to NULL, but on error krealloc()\ndoes not touch the original allocation. This would result in a memory\nresource leak. Instead, free the old allocation on the error handling\npath.\n\nThe memory leak information is as follows as also reported by Zhengchao:\n\n unreferenced object 0xffff888019801800 (size 256):\n comm \"bpf_repo\", pid 6490, jiffies 4294959200 (age 17.170s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000b211474b>] __kmalloc_node_track_caller+0x45/0xc0\n [<0000000086712a0b>] krealloc+0x83/0xd0\n [<00000000139aab02>] realloc_array+0x82/0xe2\n [<00000000b1ca41d1>] grow_stack_state+0xfb/0x186\n [<00000000cd6f36d2>] check_mem_access.cold+0x141/0x1341\n [<0000000081780455>] do_check_common+0x5358/0xb350\n [<0000000015f6b091>] bpf_check.cold+0xc3/0x29d\n [<000000002973c690>] bpf_prog_load+0x13db/0x2240\n [<00000000028d1644>] __sys_bpf+0x1605/0x4ce0\n [<00000000053f29bd>] __x64_sys_bpf+0x75/0xb0\n [<0000000056fedaf5>] do_syscall_64+0x35/0x80\n [<000000002bd58261>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c69431aab67a912836e5831f03d99a819c14c9c3",
"version_value": "06615967d4889b08b19ff3dda96e8b131282f73d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/06615967d4889b08b19ff3dda96e8b131282f73d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/06615967d4889b08b19ff3dda96e8b131282f73d"
},
{
"url": "https://git.kernel.org/stable/c/3e210891c4a4c2d858cd6f9f61d5809af251d4df",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3e210891c4a4c2d858cd6f9f61d5809af251d4df"
},
{
"url": "https://git.kernel.org/stable/c/42378a9ca55347102bbf86708776061d8fe3ece2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42378a9ca55347102bbf86708776061d8fe3ece2"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

115
2022/49xxx/CVE-2022-49879.json
View File

@ -1,125 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49879",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix BUG_ON() when directory entry has invalid rec_len\n\nThe rec_len field in the directory entry has to be a multiple of 4. A\ncorrupted filesystem image can be used to hit a BUG() in\next4_rec_len_to_disk(), called from make_indexed_dir().\n\n ------------[ cut here ]------------\n kernel BUG at fs/ext4/ext4.h:2413!\n ...\n RIP: 0010:make_indexed_dir+0x53f/0x5f0\n ...\n Call Trace:\n <TASK>\n ? add_dirent_to_buf+0x1b2/0x200\n ext4_add_entry+0x36e/0x480\n ext4_add_nondir+0x2b/0xc0\n ext4_create+0x163/0x200\n path_openat+0x635/0xe90\n do_filp_open+0xb4/0x160\n ? __create_object.isra.0+0x1de/0x3b0\n ? _raw_spin_unlock+0x12/0x30\n do_sys_openat2+0x91/0x150\n __x64_sys_open+0x6c/0xa0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe fix simply adds a call to ext4_check_dir_entry() to validate the\ndirectory entry, returning -EFSCORRUPTED if the entry is invalid."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "2fa24d0274fbf913b56ee31f15bc01168669d909"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909"
},
{
"url": "https://git.kernel.org/stable/c/156451a67b93986fb07c274ef6995ff40766c5ad",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/156451a67b93986fb07c274ef6995ff40766c5ad"
},
{
"url": "https://git.kernel.org/stable/c/999cff2b6ce3b45c08abf793bf55534777421327",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/999cff2b6ce3b45c08abf793bf55534777421327"
},
{
"url": "https://git.kernel.org/stable/c/ce1ee2c8827fb6493e91acbd50f664cf2a972c3d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ce1ee2c8827fb6493e91acbd50f664cf2a972c3d"
},
{
"url": "https://git.kernel.org/stable/c/17a0bc9bd697f75cfdf9b378d5eb2d7409c91340",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17a0bc9bd697f75cfdf9b378d5eb2d7409c91340"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

148
2022/49xxx/CVE-2022-49880.json
View File

@ -1,158 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49880",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in 'ext4_da_release_space'\n\nSyzkaller report issue as follows:\nEXT4-fs (loop0): Free/Dirty block details\nEXT4-fs (loop0): free_blocks=0\nEXT4-fs (loop0): dirty_blocks=0\nEXT4-fs (loop0): Block reservation details\nEXT4-fs (loop0): i_reserved_data_blocks=0\nEXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 92 at fs/ext4/inode.c:1528 ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1524\nModules linked in:\nCPU: 0 PID: 92 Comm: kworker/u4:4 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: writeback wb_workfn (flush-7:0)\nRIP: 0010:ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1528\nRSP: 0018:ffffc900015f6c90 EFLAGS: 00010296\nRAX: 42215896cd52ea00 RBX: 0000000000000000 RCX: 42215896cd52ea00\nRDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000\nRBP: 1ffff1100e907d96 R08: ffffffff816aa79d R09: fffff520002bece5\nR10: fffff520002bece5 R11: 1ffff920002bece4 R12: ffff888021fd2000\nR13: ffff88807483ecb0 R14: 0000000000000001 R15: ffff88807483e740\nFS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555569ba628 CR3: 000000000c88e000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ext4_es_remove_extent+0x1ab/0x260 fs/ext4/extents_status.c:1461\n mpage_release_unused_pages+0x24d/0xef0 fs/ext4/inode.c:1589\n ext4_writepages+0x12eb/0x3be0 fs/ext4/inode.c:2852\n do_writepages+0x3c3/0x680 mm/page-writeback.c:2469\n __writeback_single_inode+0xd1/0x670 fs/fs-writeback.c:1587\n writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1870\n wb_writeback+0x41f/0x7b0 fs/fs-writeback.c:2044\n wb_do_writeback fs/fs-writeback.c:2187 [inline]\n wb_workfn+0x3cb/0xef0 fs/fs-writeback.c:2227\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n </TASK>\n\nAbove issue may happens as follows:\next4_da_write_begin\n ext4_create_inline_data\n ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS);\n ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA);\n__ext4_ioctl\n ext4_ext_migrate -> will lead to eh->eh_entries not zero, and set extent flag\next4_da_write_begin\n ext4_da_convert_inline_data_to_extent\n ext4_da_write_inline_data_begin\n ext4_da_map_blocks\n ext4_insert_delayed_block\n\t if (!ext4_es_scan_clu(inode, &ext4_es_is_delonly, lblk))\n\t if (!ext4_es_scan_clu(inode, &ext4_es_is_mapped, lblk))\n\t ext4_clu_mapped(inode, EXT4_B2C(sbi, lblk)); -> will return 1\n\t allocated = true;\n ext4_es_insert_delayed_block(inode, lblk, allocated);\next4_writepages\n mpage_map_and_submit_extent(handle, &mpd, &give_up_on_write); -> return -ENOSPC\n mpage_release_unused_pages(&mpd, give_up_on_write); -> give_up_on_write == 1\n ext4_es_remove_extent\n ext4_da_release_space(inode, reserved);\n if (unlikely(to_free > ei->i_reserved_data_blocks))\n\t -> to_free == 1 but ei->i_reserved_data_blocks == 0\n\t -> then trigger warning as above\n\nTo solve above issue, forbid inode do migrate which has inline data."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "0de5ee103747fd3a24f1c010c79caabe35e8f0bb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0de5ee103747fd3a24f1c010c79caabe35e8f0bb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0de5ee103747fd3a24f1c010c79caabe35e8f0bb"
},
{
"url": "https://git.kernel.org/stable/c/c3bf1e95cfa7d950dc3c064d0c2e3d06b427bc63",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3bf1e95cfa7d950dc3c064d0c2e3d06b427bc63"
},
{
"url": "https://git.kernel.org/stable/c/890d738f569fa9412b70ba09f15407f17a52da20",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/890d738f569fa9412b70ba09f15407f17a52da20"
},
{
"url": "https://git.kernel.org/stable/c/72743d5598b9096950bbfd6a9b7f173d156eea97",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/72743d5598b9096950bbfd6a9b7f173d156eea97"
},
{
"url": "https://git.kernel.org/stable/c/5370b965b7a945bb8f48b9ee23d83a76a947902e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5370b965b7a945bb8f48b9ee23d83a76a947902e"
},
{
"url": "https://git.kernel.org/stable/c/0a43c015e98121c91a76154edf42280ce1a8a883",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a43c015e98121c91a76154edf42280ce1a8a883"
},
{
"url": "https://git.kernel.org/stable/c/89bee03d2fb8c54119b38ac6c24e7d60fae036b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/89bee03d2fb8c54119b38ac6c24e7d60fae036b6"
},
{
"url": "https://git.kernel.org/stable/c/1b8f787ef547230a3249bcf897221ef0cc78481b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b8f787ef547230a3249bcf897221ef0cc78481b"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

136
2022/49xxx/CVE-2022-49881.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49881",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix memory leak in query_regdb_file()\n\nIn the function query_regdb_file() the alpha2 parameter is duplicated\nusing kmemdup() and subsequently freed in regdb_fw_cb(). However,\nrequest_firmware_nowait() can fail without calling regdb_fw_cb() and\nthus leak memory."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "007f6c5e6eb45c81ee89368a5f226572ae638831",
"version_value": "219446396786330937bcd382a7bc4ccd767383bc"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/219446396786330937bcd382a7bc4ccd767383bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/219446396786330937bcd382a7bc4ccd767383bc"
},
{
"url": "https://git.kernel.org/stable/c/0ede1a988299e95d54bd89551fd635980572e920",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0ede1a988299e95d54bd89551fd635980572e920"
},
{
"url": "https://git.kernel.org/stable/c/e1e12180321f416d83444f2cdc9259e0f5093d35",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e1e12180321f416d83444f2cdc9259e0f5093d35"
},
{
"url": "https://git.kernel.org/stable/c/38c9fa2cc6bf4b6e1a74057aef8b5cffd23d3264",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/38c9fa2cc6bf4b6e1a74057aef8b5cffd23d3264"
},
{
"url": "https://git.kernel.org/stable/c/e9b5a4566d5bc71cc901be50d1fa24da00613120",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e9b5a4566d5bc71cc901be50d1fa24da00613120"
},
{
"url": "https://git.kernel.org/stable/c/57b962e627ec0ae53d4d16d7bd1033e27e67677a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/57b962e627ec0ae53d4d16d7bd1033e27e67677a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49882.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49882",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache\n\nReject kvm_gpc_check() and kvm_gpc_refresh() if the cache is inactive.\nNot checking the active flag during refresh is particularly egregious, as\nKVM can end up with a valid, inactive cache, which can lead to a variety\nof use-after-free bugs, e.g. consuming a NULL kernel pointer or missing\nan mmu_notifier invalidation due to the cache not being on the list of\ngfns to invalidate.\n\nNote, \"active\" needs to be set if and only if the cache is on the list\nof caches, i.e. is reachable via mmu_notifier events. If a relevant\nmmu_notifier event occurs while the cache is \"active\" but not on the\nlist, KVM will not acquire the cache's lock and so will not serailize\nthe mmu_notifier event with active users and/or kvm_gpc_refresh().\n\nA race between KVM_XEN_ATTR_TYPE_SHARED_INFO and KVM_XEN_HVM_EVTCHN_SEND\ncan be exploited to trigger the bug.\n\n1. Deactivate shinfo cache:\n\nkvm_xen_hvm_set_attr\ncase KVM_XEN_ATTR_TYPE_SHARED_INFO\n kvm_gpc_deactivate\n kvm_gpc_unmap\n gpc->valid = false\n gpc->khva = NULL\n gpc->active = false\n\nResult: active = false, valid = false\n\n2. Cause cache refresh:\n\nkvm_arch_vm_ioctl\ncase KVM_XEN_HVM_EVTCHN_SEND\n kvm_xen_hvm_evtchn_send\n kvm_xen_set_evtchn\n kvm_xen_set_evtchn_fast\n kvm_gpc_check\n return -EWOULDBLOCK because !gpc->valid\n kvm_xen_set_evtchn_fast\n return -EWOULDBLOCK\n kvm_gpc_refresh\n hva_to_pfn_retry\n gpc->valid = true\n gpc->khva = not NULL\n\nResult: active = false, valid = true\n\n3. Race ioctl KVM_XEN_HVM_EVTCHN_SEND against ioctl\nKVM_XEN_ATTR_TYPE_SHARED_INFO:\n\nkvm_arch_vm_ioctl\ncase KVM_XEN_HVM_EVTCHN_SEND\n kvm_xen_hvm_evtchn_send\n kvm_xen_set_evtchn\n kvm_xen_set_evtchn_fast\n read_lock gpc->lock\n kvm_xen_hvm_set_attr case\n KVM_XEN_ATTR_TYPE_SHARED_INFO\n mutex_lock kvm->lock\n kvm_xen_shared_info_init\n kvm_gpc_activate\n gpc->khva = NULL\n kvm_gpc_check\n [ Check passes because gpc->valid is\n still true, even though gpc->khva\n is already NULL. ]\n shinfo = gpc->khva\n pending_bits = shinfo->evtchn_pending\n CRASH: test_and_set_bit(..., pending_bits)"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "982ed0de4753ed6e71dbd40f82a5a066baf133ed",
"version_value": "bfa9672f8fc9eb118124bab61899d2dd497f95ba"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bfa9672f8fc9eb118124bab61899d2dd497f95ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bfa9672f8fc9eb118124bab61899d2dd497f95ba"
},
{
"url": "https://git.kernel.org/stable/c/ecbcf030b45666ad11bc98565e71dfbcb7be4393",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ecbcf030b45666ad11bc98565e71dfbcb7be4393"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49883.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49883",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: smm: number of GPRs in the SMRAM image depends on the image format\n\nOn 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM will\naccess 16 gprs to 32-bit smram image, causing out-ouf-bound ram\naccess.\n\nOn 32 bit host, the rsm_load_state_64/enter_smm_save_state_64\nis compiled out, thus access overflow can't happen."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b443183a25ab61840a12de92f8822849e017b9c8",
"version_value": "a7ebfbea0f52550d7cdf12c38f3f5eaa7b2b6494"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/a7ebfbea0f52550d7cdf12c38f3f5eaa7b2b6494",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a7ebfbea0f52550d7cdf12c38f3f5eaa7b2b6494"
},
{
"url": "https://git.kernel.org/stable/c/696db303e54f7352623d9f640e6c51d8fa9d5588",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/696db303e54f7352623d9f640e6c51d8fa9d5588"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49884.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49884",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Initialize gfn_to_pfn_cache locks in dedicated helper\n\nMove the gfn_to_pfn_cache lock initialization to another helper and\ncall the new helper during VM/vCPU creation. There are race\nconditions possible due to kvm_gfn_to_pfn_cache_init()'s\nability to re-initialize the cache's locks.\n\nFor example: a race between ioctl(KVM_XEN_HVM_EVTCHN_SEND) and\nkvm_gfn_to_pfn_cache_init() leads to a corrupted shinfo gpc lock.\n\n (thread 1) | (thread 2)\n |\n kvm_xen_set_evtchn_fast |\n read_lock_irqsave(&gpc->lock, ...) |\n | kvm_gfn_to_pfn_cache_init\n | rwlock_init(&gpc->lock)\n read_unlock_irqrestore(&gpc->lock, ...) |\n\nRename \"cache_init\" and \"cache_destroy\" to activate+deactivate to\navoid implying that the cache really is destroyed/freed.\n\nNote, there more races in the newly named kvm_gpc_activate() that will\nbe addressed separately.\n\n[sean: call out that this is a bug fix]"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "982ed0de4753ed6e71dbd40f82a5a066baf133ed",
"version_value": "61242001d6c9c253df7645dab090842d8da08764"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/61242001d6c9c253df7645dab090842d8da08764",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/61242001d6c9c253df7645dab090842d8da08764"
},
{
"url": "https://git.kernel.org/stable/c/52491a38b2c2411f3f0229dc6ad610349c704a41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52491a38b2c2411f3f0229dc6ad610349c704a41"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

104
2022/49xxx/CVE-2022-49885.json
View File

@ -1,114 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49885",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()\n\nChange num_ghes from int to unsigned int, preventing an overflow\nand causing subsequent vmalloc() to fail.\n\nThe overflow happens in ghes_estatus_pool_init() when calculating\nlen during execution of the statement below as both multiplication\noperands here are signed int:\n\nlen += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE);\n\nThe following call trace is observed because of this bug:\n\n[ 9.317108] swapper/0: vmalloc error: size 18446744071562596352, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1\n[ 9.317131] Call Trace:\n[ 9.317134] <TASK>\n[ 9.317137] dump_stack_lvl+0x49/0x5f\n[ 9.317145] dump_stack+0x10/0x12\n[ 9.317146] warn_alloc.cold+0x7b/0xdf\n[ 9.317150] ? __device_attach+0x16a/0x1b0\n[ 9.317155] __vmalloc_node_range+0x702/0x740\n[ 9.317160] ? device_add+0x17f/0x920\n[ 9.317164] ? dev_set_name+0x53/0x70\n[ 9.317166] ? platform_device_add+0xf9/0x240\n[ 9.317168] __vmalloc_node+0x49/0x50\n[ 9.317170] ? ghes_estatus_pool_init+0x43/0xa0\n[ 9.317176] vmalloc+0x21/0x30\n[ 9.317177] ghes_estatus_pool_init+0x43/0xa0\n[ 9.317179] acpi_hest_init+0x129/0x19c\n[ 9.317185] acpi_init+0x434/0x4a4\n[ 9.317188] ? acpi_sleep_proc_init+0x2a/0x2a\n[ 9.317190] do_one_initcall+0x48/0x200\n[ 9.317195] kernel_init_freeable+0x221/0x284\n[ 9.317200] ? rest_init+0xe0/0xe0\n[ 9.317204] kernel_init+0x1a/0x130\n[ 9.317205] ret_from_fork+0x22/0x30\n[ 9.317208] </TASK>\n\n[ rjw: Subject and changelog edits ]"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "9edf20e5a1d805855e78f241cf221d741b50d482"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9edf20e5a1d805855e78f241cf221d741b50d482",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9edf20e5a1d805855e78f241cf221d741b50d482"
},
{
"url": "https://git.kernel.org/stable/c/c50ec15725e005e9fb20bce69b6c23b135a4a9b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c50ec15725e005e9fb20bce69b6c23b135a4a9b7"
},
{
"url": "https://git.kernel.org/stable/c/4c10c854113720cbfe75d4f51db79b700a629e73",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4c10c854113720cbfe75d4f51db79b700a629e73"
},
{
"url": "https://git.kernel.org/stable/c/43d2748394c3feb86c0c771466f5847e274fc043",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/43d2748394c3feb86c0c771466f5847e274fc043"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49886.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49886",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Panic on bad configs that #VE on \"private\" memory access\n\nAll normal kernel memory is \"TDX private memory\". This includes\neverything from kernel stacks to kernel text. Handling\nexceptions on arbitrary accesses to kernel memory is essentially\nimpossible because they can happen in horribly nasty places like\nkernel entry/exit. But, TDX hardware can theoretically _deliver_\na virtualization exception (#VE) on any access to private memory.\n\nBut, it's not as bad as it sounds. TDX can be configured to never\ndeliver these exceptions on private memory with a \"TD attribute\"\ncalled ATTR_SEPT_VE_DISABLE. The guest has no way to *set* this\nattribute, but it can check it.\n\nEnsure ATTR_SEPT_VE_DISABLE is set in early boot. panic() if it\nis unset. There is no sane way for Linux to run with this\nattribute clear so a panic() is appropriate.\n\nThere's small window during boot before the check where kernel\nhas an early #VE handler. But the handler is only for port I/O\nand will also panic() as soon as it sees any other #VE, such as\na one generated by a private memory access.\n\n[ dhansen: Rewrite changelog and rebase on new tdx_parse_tdinfo().\n\t Add Kirill's tested-by because I made changes since\n\t he wrote this. ]"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9a22bf6debbf5169f750af53c7f86eb4e3cd6712",
"version_value": "895c168c8f78079f21ad50fead7593ffa352f795"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/895c168c8f78079f21ad50fead7593ffa352f795",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/895c168c8f78079f21ad50fead7593ffa352f795"
},
{
"url": "https://git.kernel.org/stable/c/373e715e31bf4e0f129befe87613a278fac228d3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/373e715e31bf4e0f129befe87613a278fac228d3"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

115
2022/49xxx/CVE-2022-49887.json
View File

@ -1,125 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49887",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: meson: vdec: fix possible refcount leak in vdec_probe()\n\nv4l2_device_unregister need to be called to put the refcount got by\nv4l2_device_register when vdec_probe fails or vdec_remove is called."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "70119756311a0be3b95bec2e1ba714673e90feba"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba"
},
{
"url": "https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80"
},
{
"url": "https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf"
},
{
"url": "https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef"
},
{
"url": "https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49888.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49888",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: entry: avoid kprobe recursion\n\nThe cortex_a76_erratum_1463225_debug_handler() function is called when\nhandling debug exceptions (and synchronous exceptions from BRK\ninstructions), and so is called when a probed function executes. If the\ncompiler does not inline cortex_a76_erratum_1463225_debug_handler(), it\ncan be probed.\n\nIf cortex_a76_erratum_1463225_debug_handler() is probed, any debug\nexception or software breakpoint exception will result in recursive\nexceptions leading to a stack overflow. This can be triggered with the\nftrace multiple_probes selftest, and as per the example splat below.\n\nThis is a regression caused by commit:\n\n 6459b8469753e9fe (\"arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround\")\n\n... which removed the NOKPROBE_SYMBOL() annotation associated with the\nfunction.\n\nMy intent was that cortex_a76_erratum_1463225_debug_handler() would be\ninlined into its caller, el1_dbg(), which is marked noinstr and cannot\nbe probed. Mark cortex_a76_erratum_1463225_debug_handler() as\n__always_inline to ensure this.\n\nExample splat prior to this patch (with recursive entries elided):\n\n| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events\n| # echo p do_el0_svc >> /sys/kernel/debug/tracing/kprobe_events\n| # echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable\n| Insufficient stack space to handle exception!\n| ESR: 0x0000000096000047 -- DABT (current EL)\n| FAR: 0xffff800009cefff0\n| Task stack: [0xffff800009cf0000..0xffff800009cf4000]\n| IRQ stack: [0xffff800008000000..0xffff800008004000]\n| Overflow stack: [0xffff00007fbc00f0..0xffff00007fbc10f0]\n| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : arm64_enter_el1_dbg+0x4/0x20\n| lr : el1_dbg+0x24/0x5c\n| sp : ffff800009cf0000\n| x29: ffff800009cf0000 x28: ffff000002c74740 x27: 0000000000000000\n| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n| x23: 00000000604003c5 x22: ffff80000801745c x21: 0000aaaac95ac068\n| x20: 00000000f2000004 x19: ffff800009cf0040 x18: 0000000000000000\n| x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n| x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n| x11: 0000000000000010 x10: ffff800008c87190 x9 : ffff800008ca00d0\n| x8 : 000000000000003c x7 : 0000000000000000 x6 : 0000000000000000\n| x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000000043a4\n| x2 : 00000000f2000004 x1 : 00000000f2000004 x0 : ffff800009cf0040\n| Kernel panic - not syncing: kernel stack overflow\n| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2\n| Hardware name: linux,dummy-virt (DT)\n| Call trace:\n| dump_backtrace+0xe4/0x104\n| show_stack+0x18/0x4c\n| dump_stack_lvl+0x64/0x7c\n| dump_stack+0x18/0x38\n| panic+0x14c/0x338\n| test_taint+0x0/0x2c\n| panic_bad_stack+0x104/0x118\n| handle_bad_stack+0x34/0x48\n| __bad_stack+0x78/0x7c\n| arm64_enter_el1_dbg+0x4/0x20\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n...\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n...\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| do_el0_svc+0x0/0x28\n| el0t_64_sync_handler+0x84/0xf0\n| el0t_64_sync+0x18c/0x190\n| Kernel Offset: disabled\n| CPU features: 0x0080,00005021,19001080\n| Memory Limit: none\n| ---[ end Kernel panic - not syncing: kernel stack overflow ]---\n\nWith this patch, cortex_a76_erratum_1463225_debug_handler() is inlined\ninto el1_dbg(), and el1_dbg() cannot be probed:\n\n| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events\n| sh: write error: No such file or directory\n| # grep -w cortex_a76_errat\n---truncated---"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6459b8469753e9feaa8b34691d097cffad905931",
"version_value": "71d6c33fe223255f4416a01514da2c0bc3e283e7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/71d6c33fe223255f4416a01514da2c0bc3e283e7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71d6c33fe223255f4416a01514da2c0bc3e283e7"
},
{
"url": "https://git.kernel.org/stable/c/db66629d43b2d12cb43b004a4ca6be1d03228e97",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/db66629d43b2d12cb43b004a4ca6be1d03228e97"
},
{
"url": "https://git.kernel.org/stable/c/024f4b2e1f874934943eb2d3d288ebc52c79f55c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/024f4b2e1f874934943eb2d3d288ebc52c79f55c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

87
2022/49xxx/CVE-2022-49889.json
View File

@ -1,97 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49889",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()\n\nOn some machines the number of listed CPUs may be bigger than the actual\nCPUs that exist. The tracing subsystem allocates a per_cpu directory with\naccess to the per CPU ring buffer via a cpuX file. But to save space, the\nring buffer will only allocate buffers for online CPUs, even though the\nCPU array will be as big as the nr_cpu_ids.\n\nWith the addition of waking waiters on the ring buffer when closing the\nfile, the ring_buffer_wake_waiters() now needs to make sure that the\nbuffer is allocated (with the irq_work allocated with it) before trying to\nwake waiters, as it will cause a NULL pointer dereference.\n\nWhile debugging this, I added a NULL check for the buffer itself (which is\nOK to do), and also NULL pointer checks against buffer->buffers (which is\nnot fine, and will WARN) as well as making sure the CPU number passed in\nis within the nr_cpu_ids (which is also not fine if it isn't).\n\n\nBugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2475de2bc0de17fb1b24c5e90194f84b5ca70d3e",
"version_value": "b5074df412bf3df9d6ce096b6fa03eb1082d05c9"
},
{
"version_affected": "<",
"version_name": "f4f15344110d0b5b8822ac97bc8200e71939c945",
"version_value": "49ca992f6e50d0f46ec9608f44e011cf3121f389"
},
{
"version_affected": "<",
"version_name": "f3ddb74ad0790030c9592229fb14d8c451f4e9a8",
"version_value": "7433632c9ff68a991bd0bc38cabf354e9d2de410"
},
{
"version_affected": "<",
"version_name": "5.15.75",
"version_value": "5.15.78"
},
{
"version_affected": "<",
"version_name": "6.0.3",
"version_value": "6.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b5074df412bf3df9d6ce096b6fa03eb1082d05c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b5074df412bf3df9d6ce096b6fa03eb1082d05c9"
},
{
"url": "https://git.kernel.org/stable/c/49ca992f6e50d0f46ec9608f44e011cf3121f389",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/49ca992f6e50d0f46ec9608f44e011cf3121f389"
},
{
"url": "https://git.kernel.org/stable/c/7433632c9ff68a991bd0bc38cabf354e9d2de410",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7433632c9ff68a991bd0bc38cabf354e9d2de410"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

147
2022/49xxx/CVE-2022-49890.json
View File

@ -1,157 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49890",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix potential memleak on error path from vfs_getxattr_alloc()\n\nIn cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to\ncomplete the memory allocation of tmpbuf, if we have completed\nthe memory allocation of tmpbuf, but failed to call handler->get(...),\nthere will be a memleak in below logic:\n\n |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)\n | /* ^^^ alloc for tmpbuf */\n |-- value = krealloc(*xattr_value, error + 1, flags)\n | /* ^^^ alloc memory */\n |-- error = handler->get(handler, ...)\n | /* error! */\n |-- *xattr_value = value\n | /* xattr_value is &tmpbuf (memory leak!) */\n\nSo we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.\n\n[PM: subject line and backtrace tweaks]"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8db6c34f1dbc8e06aa016a9b829b06902c3e1340",
"version_value": "6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85"
},
{
"url": "https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98"
},
{
"url": "https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603"
},
{
"url": "https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906"
},
{
"url": "https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1"
},
{
"url": "https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d"
},
{
"url": "https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49891.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49891",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()\n\ntest_gen_kprobe_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Move kfree(buf) from fail path to common path\nto prevent the memleak. The same reason and solution in\ntest_gen_kretprobe_cmd().\n\nunreferenced object 0xffff888143b14000 (size 2048):\n comm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s)\n hex dump (first 32 bytes):\n 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp\n 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys\n backtrace:\n [<000000006d7b836b>] kmalloc_trace+0x27/0xa0\n [<0000000009528b5b>] 0xffffffffa059006f\n [<000000008408b580>] do_one_initcall+0x87/0x2a0\n [<00000000c4980a7e>] do_init_module+0xdf/0x320\n [<00000000d775aad0>] load_module+0x3006/0x3390\n [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0\n [<000000003726480d>] do_syscall_64+0x35/0x80\n [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "64836248dda20c8e7427b493f7e06d9bf8f58850",
"version_value": "bef08acbe560a926b4cee9cc46404cc98ae5703b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bef08acbe560a926b4cee9cc46404cc98ae5703b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bef08acbe560a926b4cee9cc46404cc98ae5703b"
},
{
"url": "https://git.kernel.org/stable/c/d1b6a8e3414aeaa0985139180c145d2d0fbd2a49",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d1b6a8e3414aeaa0985139180c145d2d0fbd2a49"
},
{
"url": "https://git.kernel.org/stable/c/71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bca"
},
{
"url": "https://git.kernel.org/stable/c/66f0919c953ef7b55e5ab94389a013da2ce80a2c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/66f0919c953ef7b55e5ab94389a013da2ce80a2c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49892.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49892",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix use-after-free for dynamic ftrace_ops\n\nKASAN reported a use-after-free with ftrace ops [1]. It was found from\nvmcore that perf had registered two ops with the same content\nsuccessively, both dynamic. After unregistering the second ops, a\nuse-after-free occurred.\n\nIn ftrace_shutdown(), when the second ops is unregistered, the\nFTRACE_UPDATE_CALLS command is not set because there is another enabled\nops with the same content. Also, both ops are dynamic and the ftrace\ncallback function is ftrace_ops_list_func, so the\nFTRACE_UPDATE_TRACE_FUNC command will not be set. Eventually the value\nof 'command' will be 0 and ftrace_shutdown() will skip the rcu\nsynchronization.\n\nHowever, ftrace may be activated. When the ops is released, another CPU\nmay be accessing the ops. Add the missing synchronization to fix this\nproblem.\n\n[1]\nBUG: KASAN: use-after-free in __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\nBUG: KASAN: use-after-free in ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\nRead of size 8 at addr ffff56551965bbc8 by task syz-executor.2/14468\n\nCPU: 1 PID: 14468 Comm: syz-executor.2 Not tainted 5.10.0 #7\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace+0x0/0x40c arch/arm64/kernel/stacktrace.c:132\n show_stack+0x30/0x40 arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1b4/0x248 lib/dump_stack.c:118\n print_address_description.constprop.0+0x28/0x48c mm/kasan/report.c:387\n __kasan_report mm/kasan/report.c:547 [inline]\n kasan_report+0x118/0x210 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load8+0x98/0xc0 mm/kasan/generic.c:253\n __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\n ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\n ftrace_graph_call+0x0/0x4\n __might_sleep+0x8/0x100 include/linux/perf_event.h:1170\n __might_fault mm/memory.c:5183 [inline]\n __might_fault+0x58/0x70 mm/memory.c:5171\n do_strncpy_from_user lib/strncpy_from_user.c:41 [inline]\n strncpy_from_user+0x1f4/0x4b0 lib/strncpy_from_user.c:139\n getname_flags+0xb0/0x31c fs/namei.c:149\n getname+0x2c/0x40 fs/namei.c:209\n [...]\n\nAllocated by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track mm/kasan/common.c:56 [inline]\n __kasan_kmalloc mm/kasan/common.c:479 [inline]\n __kasan_kmalloc.constprop.0+0x110/0x13c mm/kasan/common.c:449\n kasan_kmalloc+0xc/0x14 mm/kasan/common.c:493\n kmem_cache_alloc_trace+0x440/0x924 mm/slub.c:2950\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:675 [inline]\n perf_event_alloc.part.0+0xb4/0x1350 kernel/events/core.c:11230\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n __arm64_sys_perf_event_open+0x6c/0x80 kernel/events/core.c:11723\n [...]\n\nFreed by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track+0x24/0x34 mm/kasan/common.c:56\n kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:358\n __kasan_slab_free.part.0+0x11c/0x1b0 mm/kasan/common.c:437\n __kasan_slab_free mm/kasan/common.c:445 [inline]\n kasan_slab_free+0x2c/0x40 mm/kasan/common.c:446\n slab_free_hook mm/slub.c:1569 [inline]\n slab_free_freelist_hook mm/slub.c:1608 [inline]\n slab_free mm/slub.c:3179 [inline]\n kfree+0x12c/0xc10 mm/slub.c:4176\n perf_event_alloc.part.0+0xa0c/0x1350 kernel/events/core.c:11434\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n [...]"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "edb096e00724f02db5f6ec7900f3bbd465c6c76f",
"version_value": "ea5f2fd4640ecbb9df969bf8bb27733ae2183169"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ea5f2fd4640ecbb9df969bf8bb27733ae2183169",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea5f2fd4640ecbb9df969bf8bb27733ae2183169"
},
{
"url": "https://git.kernel.org/stable/c/88561a66777e7a2fe06638c6dcb22a9fae0b6733",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/88561a66777e7a2fe06638c6dcb22a9fae0b6733"
},
{
"url": "https://git.kernel.org/stable/c/cc1b9961a0ceb70f6ca4e2f4b8bb71c87c7a495c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cc1b9961a0ceb70f6ca4e2f4b8bb71c87c7a495c"
},
{
"url": "https://git.kernel.org/stable/c/0e792b89e6800cd9cb4757a76a96f7ef3e8b6294",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0e792b89e6800cd9cb4757a76a96f7ef3e8b6294"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49893.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49893",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix cxl_region leak, cleanup targets at region delete\n\nWhen a region is deleted any targets that have been previously assigned\nto that region hold references to it. Trigger those references to\ndrop by detaching all targets at unregister_region() time.\n\nOtherwise that region object will leak as userspace has lost the ability\nto detach targets once region sysfs is torn down."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b9686e8c8e39d4072081ef078c04915ee51c8af4",
"version_value": "45d9fb4b758b9d602ee7776eb6754b0349946aad"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/45d9fb4b758b9d602ee7776eb6754b0349946aad",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/45d9fb4b758b9d602ee7776eb6754b0349946aad"
},
{
"url": "https://git.kernel.org/stable/c/0d9e734018d70cecf79e2e4c6082167160a0f13f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d9e734018d70cecf79e2e4c6082167160a0f13f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49894.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49894",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix region HPA ordering validation\n\nSome regions may not have any address space allocated. Skip them when\nvalidating HPA order otherwise a crash like the following may result:\n\n devm_cxl_add_region: cxl_acpi cxl_acpi.0: decoder3.4: created region9\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n [..]\n RIP: 0010:store_targetN+0x655/0x1740 [cxl_core]\n [..]\n Call Trace:\n <TASK>\n kernfs_fop_write_iter+0x144/0x200\n vfs_write+0x24a/0x4d0\n ksys_write+0x69/0xf0\n do_syscall_64+0x3a/0x90\n\nstore_targetN+0x655/0x1740:\nalloc_region_ref at drivers/cxl/core/region.c:676\n(inlined by) cxl_port_attach_region at drivers/cxl/core/region.c:850\n(inlined by) cxl_region_attach at drivers/cxl/core/region.c:1290\n(inlined by) attach_target at drivers/cxl/core/region.c:1410\n(inlined by) store_targetN at drivers/cxl/core/region.c:1453"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "384e624bb211b406db40edc900bb51af8bb267d0",
"version_value": "12316b9f7c18138ae656050cfd716728e27b7e2f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/12316b9f7c18138ae656050cfd716728e27b7e2f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12316b9f7c18138ae656050cfd716728e27b7e2f"
},
{
"url": "https://git.kernel.org/stable/c/a90accb358ae33ea982a35595573f7a045993f8b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a90accb358ae33ea982a35595573f7a045993f8b"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49895.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49895",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix decoder allocation crash\n\nWhen an intermediate port's decoders have been exhausted by existing\nregions, and creating a new region with the port in question in it's\nhierarchical path is attempted, cxl_port_attach_region() fails to find a\nport decoder (as would be expected), and drops into the failure / cleanup\npath.\n\nHowever, during cleanup of the region reference, a sanity check attempts\nto dereference the decoder, which in the above case didn't exist. This\ncauses a NULL pointer dereference BUG.\n\nTo fix this, refactor the decoder allocation and de-allocation into\nhelper routines, and in this 'free' routine, check that the decoder,\n@cxld, is valid before attempting any operations on it."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "384e624bb211b406db40edc900bb51af8bb267d0",
"version_value": "c6813b5610ac53af73edd87a660d23a0511faa47"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c6813b5610ac53af73edd87a660d23a0511faa47",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c6813b5610ac53af73edd87a660d23a0511faa47"
},
{
"url": "https://git.kernel.org/stable/c/71ee71d7adcba648077997a29a91158d20c40b09",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71ee71d7adcba648077997a29a91158d20c40b09"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49896.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49896",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pmem: Fix cxl_pmem_region and cxl_memdev leak\n\nWhen a cxl_nvdimm object goes through a ->remove() event (device\nphysically removed, nvdimm-bridge disabled, or nvdimm device disabled),\nthen any associated regions must also be disabled. As highlighted by the\ncxl-create-region.sh test [1], a single device may host multiple\nregions, but the driver was only tracking one region at a time. This\nleads to a situation where only the last enabled region per nvdimm\ndevice is cleaned up properly. Other regions are leaked, and this also\ncauses cxl_memdev reference leaks.\n\nFix the tracking by allowing cxl_nvdimm objects to track multiple region\nassociations."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "04ad63f086d1a9649b8b082748cbc7a570ade461",
"version_value": "f43b6bfdbab78606735ba81185cf0602b81e40b6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f43b6bfdbab78606735ba81185cf0602b81e40b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f43b6bfdbab78606735ba81185cf0602b81e40b6"
},
{
"url": "https://git.kernel.org/stable/c/4d07ae22e79ebc2d7528bbc69daa53b86981cb3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d07ae22e79ebc2d7528bbc69daa53b86981cb3a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

93
2022/49xxx/CVE-2022-49897.json
View File

@ -1,103 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49897",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: fix keyring memory leak on mount failure\n\nCommit d7e7b9af104c (\"fscrypt: stop using keyrings subsystem for\nfscrypt_master_key\") moved the keyring destruction from __put_super() to\ngeneric_shutdown_super() so that the filesystem's block device(s) are\nstill available. Unfortunately, this causes a memory leak in the case\nwhere a mount is attempted with the test_dummy_encryption mount option,\nbut the mount fails after the option has already been processed.\n\nTo fix this, attempt the keyring destruction in both places."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "391cceee6d435e616f68631e68f5b32d480b1e67",
"version_value": "29997a6fa60de1de2fa0de471e7652efa6e95868"
},
{
"version_affected": "<",
"version_name": "e6f4fd85ef1ee6ab356bfbd64df28c1cb73aee7e",
"version_value": "cff805b1518f38d57866065343db2285f2dcd5ab"
},
{
"version_affected": "<",
"version_name": "68d15d6558a386f46d815a6ac39edecad713a1bf",
"version_value": "0b1747653b102c555bac745ebe5ca86cdd20e43f"
},
{
"version_affected": "<",
"version_name": "d7e7b9af104c7b389a0c21eb26532511bce4b510",
"version_value": "ccd30a476f8e864732de220bd50e6f372f5ebcab"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/29997a6fa60de1de2fa0de471e7652efa6e95868",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/29997a6fa60de1de2fa0de471e7652efa6e95868"
},
{
"url": "https://git.kernel.org/stable/c/cff805b1518f38d57866065343db2285f2dcd5ab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cff805b1518f38d57866065343db2285f2dcd5ab"
},
{
"url": "https://git.kernel.org/stable/c/0b1747653b102c555bac745ebe5ca86cdd20e43f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b1747653b102c555bac745ebe5ca86cdd20e43f"
},
{
"url": "https://git.kernel.org/stable/c/ccd30a476f8e864732de220bd50e6f372f5ebcab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ccd30a476f8e864732de220bd50e6f372f5ebcab"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49898.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49898",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix tree mod log mishandling of reallocated nodes\n\nWe have been seeing the following panic in production\n\n kernel BUG at fs/btrfs/tree-mod-log.c:677!\n invalid opcode: 0000 [#1] SMP\n RIP: 0010:tree_mod_log_rewind+0x1b4/0x200\n RSP: 0000:ffffc9002c02f890 EFLAGS: 00010293\n RAX: 0000000000000003 RBX: ffff8882b448c700 RCX: 0000000000000000\n RDX: 0000000000008000 RSI: 00000000000000a7 RDI: ffff88877d831c00\n RBP: 0000000000000002 R08: 000000000000009f R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000100c40 R12: 0000000000000001\n R13: ffff8886c26d6a00 R14: ffff88829f5424f8 R15: ffff88877d831a00\n FS: 00007fee1d80c780(0000) GS:ffff8890400c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fee1963a020 CR3: 0000000434f33002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n btrfs_get_old_root+0x12b/0x420\n btrfs_search_old_slot+0x64/0x2f0\n ? tree_mod_log_oldest_root+0x3d/0xf0\n resolve_indirect_ref+0xfd/0x660\n ? ulist_alloc+0x31/0x60\n ? kmem_cache_alloc_trace+0x114/0x2c0\n find_parent_nodes+0x97a/0x17e0\n ? ulist_alloc+0x30/0x60\n btrfs_find_all_roots_safe+0x97/0x150\n iterate_extent_inodes+0x154/0x370\n ? btrfs_search_path_in_tree+0x240/0x240\n iterate_inodes_from_logical+0x98/0xd0\n ? btrfs_search_path_in_tree+0x240/0x240\n btrfs_ioctl_logical_to_ino+0xd9/0x180\n btrfs_ioctl+0xe2/0x2ec0\n ? __mod_memcg_lruvec_state+0x3d/0x280\n ? do_sys_openat2+0x6d/0x140\n ? kretprobe_dispatcher+0x47/0x70\n ? kretprobe_rethook_handler+0x38/0x50\n ? rethook_trampoline_handler+0x82/0x140\n ? arch_rethook_trampoline_callback+0x3b/0x50\n ? kmem_cache_free+0xfb/0x270\n ? do_sys_openat2+0xd5/0x140\n __x64_sys_ioctl+0x71/0xb0\n do_syscall_64+0x2d/0x40\n\nWhich is this code in tree_mod_log_rewind()\n\n\tswitch (tm->op) {\n case BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING:\n\t\tBUG_ON(tm->slot < n);\n\nThis occurs because we replay the nodes in order that they happened, and\nwhen we do a REPLACE we will log a REMOVE_WHILE_FREEING for every slot,\nstarting at 0. 'n' here is the number of items in this block, which in\nthis case was 1, but we had 2 REMOVE_WHILE_FREEING operations.\n\nThe actual root cause of this was that we were replaying operations for\na block that shouldn't have been replayed. Consider the following\nsequence of events\n\n1. We have an already modified root, and we do a btrfs_get_tree_mod_seq().\n2. We begin removing items from this root, triggering KEY_REPLACE for\n it's child slots.\n3. We remove one of the 2 children this root node points to, thus triggering\n the root node promotion of the remaining child, and freeing this node.\n4. We modify a new root, and re-allocate the above node to the root node of\n this other root.\n\nThe tree mod log looks something like this\n\n\tlogical 0\top KEY_REPLACE (slot 1)\t\t\tseq 2\n\tlogical 0\top KEY_REMOVE (slot 1)\t\t\tseq 3\n\tlogical 0\top KEY_REMOVE_WHILE_FREEING (slot 0)\tseq 4\n\tlogical 4096\top LOG_ROOT_REPLACE (old logical 0)\tseq 5\n\tlogical 8192\top KEY_REMOVE_WHILE_FREEING (slot 1)\tseq 6\n\tlogical 8192\top KEY_REMOVE_WHILE_FREEING (slot 0)\tseq 7\n\tlogical 0\top LOG_ROOT_REPLACE (old logical 8192)\tseq 8\n\n>From here the bug is triggered by the following steps\n\n1. Call btrfs_get_old_root() on the new_root.\n2. We call tree_mod_log_oldest_root(btrfs_root_node(new_root)), which is\n currently logical 0.\n3. tree_mod_log_oldest_root() calls tree_mod_log_search_oldest(), which\n gives us the KEY_REPLACE seq 2, and since that's not a\n LOG_ROOT_REPLACE we incorrectly believe that we don't have an old\n root, because we expect that the most recent change should be a\n LOG_ROOT_REPLACE.\n4. Back in tree_mod_log_oldest_root() we don't have a LOG_ROOT_REPLACE,\n so we don't set old_root, we simply use our e\n---truncated---"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "bd989ba359f2acb8bc5f5490e19010fc0a6f8356",
"version_value": "007058eb8292efc4c88f921752194b83269da085"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/007058eb8292efc4c88f921752194b83269da085",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/007058eb8292efc4c88f921752194b83269da085"
},
{
"url": "https://git.kernel.org/stable/c/52b2b65c9eb56fd829dda323786db828627ff7e6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52b2b65c9eb56fd829dda323786db828627ff7e6"
},
{
"url": "https://git.kernel.org/stable/c/968b71583130b6104c9f33ba60446d598e327a8b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/968b71583130b6104c9f33ba60446d598e327a8b"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49899.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49899",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: stop using keyrings subsystem for fscrypt_master_key\n\nThe approach of fs/crypto/ internally managing the fscrypt_master_key\nstructs as the payloads of \"struct key\" objects contained in a\n\"struct key\" keyring has outlived its usefulness. The original idea was\nto simplify the code by reusing code from the keyrings subsystem.\nHowever, several issues have arisen that can't easily be resolved:\n\n- When a master key struct is destroyed, blk_crypto_evict_key() must be\n called on any per-mode keys embedded in it. (This started being the\n case when inline encryption support was added.) Yet, the keyrings\n subsystem can arbitrarily delay the destruction of keys, even past the\n time the filesystem was unmounted. Therefore, currently there is no\n easy way to call blk_crypto_evict_key() when a master key is\n destroyed. Currently, this is worked around by holding an extra\n reference to the filesystem's request_queue(s). But it was overlooked\n that the request_queue reference is *not* guaranteed to pin the\n corresponding blk_crypto_profile too; for device-mapper devices that\n support inline crypto, it doesn't. This can cause a use-after-free.\n\n- When the last inode that was using an incompletely-removed master key\n is evicted, the master key removal is completed by removing the key\n struct from the keyring. Currently this is done via key_invalidate().\n Yet, key_invalidate() takes the key semaphore. This can deadlock when\n called from the shrinker, since in fscrypt_ioctl_add_key(), memory is\n allocated with GFP_KERNEL under the same semaphore.\n\n- More generally, the fact that the keyrings subsystem can arbitrarily\n delay the destruction of keys (via garbage collection delay, or via\n random processes getting temporary key references) is undesirable, as\n it means we can't strictly guarantee that all secrets are ever wiped.\n\n- Doing the master key lookups via the keyrings subsystem results in the\n key_permission LSM hook being called. fscrypt doesn't want this, as\n all access control for encrypted files is designed to happen via the\n files themselves, like any other files. The workaround which SELinux\n users are using is to change their SELinux policy to grant key search\n access to all domains. This works, but it is an odd extra step that\n shouldn't really have to be done.\n\nThe fix for all these issues is to change the implementation to what I\nshould have done originally: don't use the keyrings subsystem to keep\ntrack of the filesystem's fscrypt_master_key structs. Instead, just\nstore them in a regular kernel data structure, and rework the reference\ncounting, locking, and lifetime accordingly. Retain support for\nRCU-mode key lookups by using a hash table. Replace fscrypt_sb_free()\nwith fscrypt_sb_delete(), which releases the keys synchronously and runs\na bit earlier during unmount, so that block devices are still available.\n\nA side effect of this patch is that neither the master keys themselves\nnor the filesystem keyrings will be listed in /proc/keys anymore.\n(\"Master key users\" and the master key users keyrings will still be\nlisted.) However, this was mostly an implementation detail, and it was\nintended just for debugging purposes. I don't know of anyone using it.\n\nThis patch does *not* change how \"master key users\" (->mk_users) works;\nthat still uses the keyrings subsystem. That is still needed for key\nquotas, and changing that isn't necessary to solve the issues listed\nabove. If we decide to change that too, it would be a separate patch.\n\nI've marked this as fixing the original commit that added the fscrypt\nkeyring, but as noted above the most important issue that this patch\nfixes wasn't introduced until the addition of inline encryption support."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22d94f493bfb408fdd764f7b1d0363af2122fba5",
"version_value": "391cceee6d435e616f68631e68f5b32d480b1e67"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/391cceee6d435e616f68631e68f5b32d480b1e67",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/391cceee6d435e616f68631e68f5b32d480b1e67"
},
{
"url": "https://git.kernel.org/stable/c/e6f4fd85ef1ee6ab356bfbd64df28c1cb73aee7e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e6f4fd85ef1ee6ab356bfbd64df28c1cb73aee7e"
},
{
"url": "https://git.kernel.org/stable/c/68d15d6558a386f46d815a6ac39edecad713a1bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/68d15d6558a386f46d815a6ac39edecad713a1bf"
},
{
"url": "https://git.kernel.org/stable/c/d7e7b9af104c7b389a0c21eb26532511bce4b510",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d7e7b9af104c7b389a0c21eb26532511bce4b510"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49900.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49900",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: piix4: Fix adapter not be removed in piix4_remove()\n\nIn piix4_probe(), the piix4 adapter will be registered in:\n\n piix4_probe()\n piix4_add_adapters_sb800() / piix4_add_adapter()\n i2c_add_adapter()\n\nBased on the probed device type, piix4_add_adapters_sb800() or single\npiix4_add_adapter() will be called.\nFor the former case, piix4_adapter_count is set as the number of adapters,\nwhile for antoher case it is not set and kept default *zero*.\n\nWhen piix4 is removed, piix4_remove() removes the adapters added in\npiix4_probe(), basing on the piix4_adapter_count value.\nBecause the count is zero for the single adapter case, the adapter won't\nbe removed and makes the sources allocated for adapter leaked, such as\nthe i2c client and device.\n\nThese sources can still be accessed by i2c or bus and cause problems.\nAn easily reproduced case is that if a new adapter is registered, i2c\nwill get the leaked adapter and try to call smbus_algorithm, which was\nalready freed:\n\nTriggered by: rmmod i2c_piix4 && modprobe max31730\n\n BUG: unable to handle page fault for address: ffffffffc053d860\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n Oops: 0000 [#1] PREEMPT SMP KASAN\n CPU: 0 PID: 3752 Comm: modprobe Tainted: G\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:i2c_default_probe (drivers/i2c/i2c-core-base.c:2259) i2c_core\n RSP: 0018:ffff888107477710 EFLAGS: 00000246\n ...\n <TASK>\n i2c_detect (drivers/i2c/i2c-core-base.c:2302) i2c_core\n __process_new_driver (drivers/i2c/i2c-core-base.c:1336) i2c_core\n bus_for_each_dev (drivers/base/bus.c:301)\n i2c_for_each_dev (drivers/i2c/i2c-core-base.c:1823) i2c_core\n i2c_register_driver (drivers/i2c/i2c-core-base.c:1861) i2c_core\n do_one_initcall (init/main.c:1296)\n do_init_module (kernel/module/main.c:2455)\n ...\n </TASK>\n ---[ end trace 0000000000000000 ]---\n\nFix this problem by correctly set piix4_adapter_count as 1 for the\nsingle adapter so it can be normally removed."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "528d53a1592b0e27c423f7cafc1df85f77fc1163",
"version_value": "bfd5e62f9a7ee214661cb6f143a3b40ccc63317f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bfd5e62f9a7ee214661cb6f143a3b40ccc63317f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bfd5e62f9a7ee214661cb6f143a3b40ccc63317f"
},
{
"url": "https://git.kernel.org/stable/c/d78ccdce662e88f41e87e90cf2bee63c1715d2a5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d78ccdce662e88f41e87e90cf2bee63c1715d2a5"
},
{
"url": "https://git.kernel.org/stable/c/fe51636fffc8108c7c4da6aa393010e786530ad9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe51636fffc8108c7c4da6aa393010e786530ad9"
},
{
"url": "https://git.kernel.org/stable/c/569bea74c94d37785682b11bab76f557520477cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/569bea74c94d37785682b11bab76f557520477cd"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49901.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49901",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: Fix kmemleak in blk_mq_init_allocated_queue\n\nThere is a kmemleak caused by modprobe null_blk.ko\n\nunreferenced object 0xffff8881acb1f000 (size 1024):\n comm \"modprobe\", pid 836, jiffies 4294971190 (age 27.068s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S......\n backtrace:\n [<000000004a10c249>] kmalloc_node_trace+0x22/0x60\n [<00000000648f7950>] blk_mq_alloc_and_init_hctx+0x289/0x350\n [<00000000af06de0e>] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0\n [<00000000e00c1872>] blk_mq_init_allocated_queue+0x48c/0x1440\n [<00000000d16b4e68>] __blk_mq_alloc_disk+0xc8/0x1c0\n [<00000000d10c98c3>] 0xffffffffc450d69d\n [<00000000b9299f48>] 0xffffffffc4538392\n [<0000000061c39ed6>] do_one_initcall+0xd0/0x4f0\n [<00000000b389383b>] do_init_module+0x1a4/0x680\n [<0000000087cf3542>] load_module+0x6249/0x7110\n [<00000000beba61b8>] __do_sys_finit_module+0x140/0x200\n [<00000000fdcfff51>] do_syscall_64+0x35/0x80\n [<000000003c0f1f71>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThat is because q->ma_ops is set to NULL before blk_release_queue is\ncalled.\n\nblk_mq_init_queue_data\n blk_mq_init_allocated_queue\n blk_mq_realloc_hw_ctxs\n for (i = 0; i < set->nr_hw_queues; i++) {\n old_hctx = xa_load(&q->hctx_table, i);\n if (!blk_mq_alloc_and_init_hctx(.., i, ..))\t\t[1]\n if (!old_hctx)\n\t break;\n\n xa_for_each_start(&q->hctx_table, j, hctx, j)\n blk_mq_exit_hctx(q, set, hctx, j); \t\t\t[2]\n\n if (!q->nr_hw_queues)\t\t\t\t\t[3]\n goto err_hctxs;\n\n err_exit:\n q->mq_ops = NULL;\t\t\t \t\t\t[4]\n\n blk_put_queue\n blk_release_queue\n if (queue_is_mq(q))\t\t\t\t\t[5]\n blk_mq_release(q);\n\n[1]: blk_mq_alloc_and_init_hctx failed at i != 0.\n[2]: The hctxs allocated by [1] are moved to q->unused_hctx_list and\nwill be cleaned up in blk_mq_release.\n[3]: q->nr_hw_queues is 0.\n[4]: Set q->mq_ops to NULL.\n[5]: queue_is_mq returns false due to [4]. And blk_mq_release\nwill not be called. The hctxs in q->unused_hctx_list are leaked.\n\nTo fix it, call blk_release_queue in exception path."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2f8f1336a48bd5186de3476da0a3e2ec06d0533a",
"version_value": "2dc97e15a54b7bdf457848aa8c663c98a24e58a6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/2dc97e15a54b7bdf457848aa8c663c98a24e58a6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2dc97e15a54b7bdf457848aa8c663c98a24e58a6"
},
{
"url": "https://git.kernel.org/stable/c/943f45b9399ed8b2b5190cbc797995edaa97f58f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/943f45b9399ed8b2b5190cbc797995edaa97f58f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49902.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49902",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix possible memory leak for rq_wb on add_disk failure\n\nkmemleak reported memory leaks in device_add_disk():\n\nkmemleak: 3 new suspected memory leaks\n\nunreferenced object 0xffff88800f420800 (size 512):\n comm \"modprobe\", pid 4275, jiffies 4295639067 (age 223.512s)\n hex dump (first 32 bytes):\n 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................\n 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000d3662699>] kmalloc_trace+0x26/0x60\n [<00000000edc7aadc>] wbt_init+0x50/0x6f0\n [<0000000069601d16>] wbt_enable_default+0x157/0x1c0\n [<0000000028fc393f>] blk_register_queue+0x2a4/0x420\n [<000000007345a042>] device_add_disk+0x6fd/0xe40\n [<0000000060e6aab0>] nbd_dev_add+0x828/0xbf0 [nbd]\n ...\n\nIt is because the memory allocated in wbt_enable_default() is not\nreleased in device_add_disk() error path.\nNormally, these memory are freed in:\n\ndel_gendisk()\n rq_qos_exit()\n rqos->ops->exit(rqos);\n wbt_exit()\n\nSo rq_qos_exit() is called to free the rq_wb memory for wbt_init().\nHowever in the error path of device_add_disk(), only\nblk_unregister_queue() is called and make rq_wb memory leaked.\n\nAdd rq_qos_exit() to the error path to fix it."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "83cbce9574462c6b4eed6797bdaf18fae6859ab3",
"version_value": "4e68c5da60cd79950bd56287ae80b39d6261f995"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/4e68c5da60cd79950bd56287ae80b39d6261f995",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e68c5da60cd79950bd56287ae80b39d6261f995"
},
{
"url": "https://git.kernel.org/stable/c/528677d3b4af985445bd4ac667485ded1ed11220",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/528677d3b4af985445bd4ac667485ded1ed11220"
},
{
"url": "https://git.kernel.org/stable/c/fa81cbafbf5764ad5053512152345fab37a1fe18",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fa81cbafbf5764ad5053512152345fab37a1fe18"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

136
2022/49xxx/CVE-2022-49903.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49903",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix WARNING in ip6_route_net_exit_late()\n\nDuring the initialization of ip6_route_net_init_late(), if file\nipv6_route or rt6_stats fails to be created, the initialization is\nsuccessful by default. Therefore, the ipv6_route or rt6_stats file\ndoesn't be found during the remove in ip6_route_net_exit_late(). It\nwill cause WRNING.\n\nThe following is the stack information:\nname 'rt6_stats'\nWARNING: CPU: 0 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nPKRU: 55555554\nCall Trace:\n<TASK>\nops_exit_list+0xb0/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n</TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cdb1876192dbe680b3ac955717fdf7f863c1762d",
"version_value": "83fbf246ced54dadd7b9adc2a16efeff30ba944d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.26",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.26",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/83fbf246ced54dadd7b9adc2a16efeff30ba944d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/83fbf246ced54dadd7b9adc2a16efeff30ba944d"
},
{
"url": "https://git.kernel.org/stable/c/381453770f731f0f43616a1cd4c759b7807a1517",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/381453770f731f0f43616a1cd4c759b7807a1517"
},
{
"url": "https://git.kernel.org/stable/c/5dbb47ee89762da433cd8458788d7640c85f1a07",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5dbb47ee89762da433cd8458788d7640c85f1a07"
},
{
"url": "https://git.kernel.org/stable/c/0ed71af4d017d2bd2cbb8f7254f613a4914def26",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0ed71af4d017d2bd2cbb8f7254f613a4914def26"
},
{
"url": "https://git.kernel.org/stable/c/080589287127838046077904f34d5054ea0f895c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/080589287127838046077904f34d5054ea0f895c"
},
{
"url": "https://git.kernel.org/stable/c/768b3c745fe5789f2430bdab02f35a9ad1148d97",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/768b3c745fe5789f2430bdab02f35a9ad1148d97"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

172
2022/49xxx/CVE-2022-49904.json
View File

@ -1,182 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49904",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, neigh: Fix null-ptr-deref in neigh_table_clear()\n\nWhen IPv6 module gets initialized but hits an error in the middle,\nkenel panic with:\n\nKASAN: null-ptr-deref in range [0x0000000000000598-0x000000000000059f]\nCPU: 1 PID: 361 Comm: insmod\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:__neigh_ifdown.isra.0+0x24b/0x370\nRSP: 0018:ffff888012677908 EFLAGS: 00000202\n...\nCall Trace:\n <TASK>\n neigh_table_clear+0x94/0x2d0\n ndisc_cleanup+0x27/0x40 [ipv6]\n inet6_init+0x21c/0x2cb [ipv6]\n do_one_initcall+0xd3/0x4d0\n do_init_module+0x1ae/0x670\n...\nKernel panic - not syncing: Fatal exception\n\nWhen ipv6 initialization fails, it will try to cleanup and calls:\n\nneigh_table_clear()\n neigh_ifdown(tbl, NULL)\n pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev == NULL))\n # dev_net(NULL) triggers null-ptr-deref.\n\nFix it by passing NULL to pneigh_queue_purge() in neigh_ifdown() if dev\nis NULL, to make kernel not panic immediately."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9bbaed571c4bf1b62ac8703cb359dc090efc3455",
"version_value": "0d38b4ca6679e72860ff8730e79bb99d0e9fa3b0"
},
{
"version_affected": "<",
"version_name": "05fdce1ae744dee43c9181fd063c9c0db4f777f2",
"version_value": "b736592de2aa53aee2d48d6b129bc0c892007bbe"
},
{
"version_affected": "<",
"version_name": "51be9dd391fd25872b95708a0250f2f7722d2d8e",
"version_value": "b49f6b2f21f543d4dc88fb7b1ec2adccb822f27c"
},
{
"version_affected": "<",
"version_name": "c35adafe42bd6c3bf2aca0a3f523dabc38fc23c8",
"version_value": "1c89642e7f2b7ecc9635610653f5c2f0276c0051"
},
{
"version_affected": "<",
"version_name": "db6fa03d80ab076238fc806c9925d1f8b9639d1b",
"version_value": "2b45d6d0c41cb9593868e476681efb1aae5078a1"
},
{
"version_affected": "<",
"version_name": "66ba215cb51323e4e55e38fd5f250e0fae0cbc94",
"version_value": "a99a8ec4c62180c889482a2ff6465033e0743458"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0d38b4ca6679e72860ff8730e79bb99d0e9fa3b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d38b4ca6679e72860ff8730e79bb99d0e9fa3b0"
},
{
"url": "https://git.kernel.org/stable/c/b736592de2aa53aee2d48d6b129bc0c892007bbe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b736592de2aa53aee2d48d6b129bc0c892007bbe"
},
{
"url": "https://git.kernel.org/stable/c/b49f6b2f21f543d4dc88fb7b1ec2adccb822f27c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b49f6b2f21f543d4dc88fb7b1ec2adccb822f27c"
},
{
"url": "https://git.kernel.org/stable/c/1c89642e7f2b7ecc9635610653f5c2f0276c0051",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1c89642e7f2b7ecc9635610653f5c2f0276c0051"
},
{
"url": "https://git.kernel.org/stable/c/2b45d6d0c41cb9593868e476681efb1aae5078a1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2b45d6d0c41cb9593868e476681efb1aae5078a1"
},
{
"url": "https://git.kernel.org/stable/c/a99a8ec4c62180c889482a2ff6465033e0743458",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a99a8ec4c62180c889482a2ff6465033e0743458"
},
{
"url": "https://git.kernel.org/stable/c/f8017317cb0b279b8ab98b0f3901a2e0ac880dad",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f8017317cb0b279b8ab98b0f3901a2e0ac880dad"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49905.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49905",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible leaked pernet namespace in smc_init()\n\nIn smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called\nwithout any error handling.\nIf it fails, registering of &smc_net_ops won't be reverted.\nAnd if smc_nl_init() fails, &smc_net_stat_ops itself won't be reverted.\n\nThis leaves wild ops in subsystem linkedlist and when another module\ntries to call register_pernet_operations() it triggers page fault:\n\nBUG: unable to handle page fault for address: fffffbfff81b964c\nRIP: 0010:register_pernet_operations+0x1b9/0x5f0\nCall Trace:\n <TASK>\n register_pernet_subsys+0x29/0x40\n ebtables_init+0x58/0x1000 [ebtables]\n ..."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "194730a9beb52d2b030ea45e12d94868d4a0e6fd",
"version_value": "61defd6450a9ef4a1487090449999b0fd83518ef"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/61defd6450a9ef4a1487090449999b0fd83518ef",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/61defd6450a9ef4a1487090449999b0fd83518ef"
},
{
"url": "https://git.kernel.org/stable/c/c97daf836f7caf81d3144b8cd2b2a51f9bc3bd09",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c97daf836f7caf81d3144b8cd2b2a51f9bc3bd09"
},
{
"url": "https://git.kernel.org/stable/c/62ff373da2534534c55debe6c724c7fe14adb97f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/62ff373da2534534c55debe6c724c7fe14adb97f"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49906.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49906",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Free rwi on reset success\n\nFree the rwi structure in the event that the last rwi in the list\nprocessed successfully. The logic in commit 4f408e1fa6e1 (\"ibmvnic:\nretry reset if there are no other resets\") introduces an issue that\nresults in a 32 byte memory leak whenever the last rwi in the list\ngets processed."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4f408e1fa6e10b6da72691233369172bac7d9e9b",
"version_value": "535b78739ae75f257c894a05b1afa86ad9a3669e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/535b78739ae75f257c894a05b1afa86ad9a3669e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/535b78739ae75f257c894a05b1afa86ad9a3669e"
},
{
"url": "https://git.kernel.org/stable/c/c3543a287cfba9105dcc4bb41eb817f51266caaf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c3543a287cfba9105dcc4bb41eb817f51266caaf"
},
{
"url": "https://git.kernel.org/stable/c/d6dd2fe71153f0ff748bf188bd4af076fe09a0a6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d6dd2fe71153f0ff748bf188bd4af076fe09a0a6"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49907.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49907",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: fix undefined behavior in bit shift for __mdiobus_register\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in drivers/net/phy/mdio_bus.c:586:27\nleft shift of 1 by 31 places cannot be represented in type 'int'\nCall Trace:\n <TASK>\n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n __mdiobus_register+0x49d/0x4e0\n fixed_mdio_bus_init+0xd8/0x12d\n do_one_initcall+0x76/0x430\n kernel_init_freeable+0x3b3/0x422\n kernel_init+0x24/0x1e0\n ret_from_fork+0x1f/0x30\n </TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4fd5f812c23c7deee6425f4a318e85c317cd1d6c",
"version_value": "20ed01a7b9af6e6a3c33761eebbb710ea6dd49b7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.28",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.28",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/20ed01a7b9af6e6a3c33761eebbb710ea6dd49b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/20ed01a7b9af6e6a3c33761eebbb710ea6dd49b7"
},
{
"url": "https://git.kernel.org/stable/c/7006176a3c863e3e353ce1b8a349ef5bb1b9320e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7006176a3c863e3e353ce1b8a349ef5bb1b9320e"
},
{
"url": "https://git.kernel.org/stable/c/a3fafc974be37319679f36dc4e7cca7db1e02973",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a3fafc974be37319679f36dc4e7cca7db1e02973"
},
{
"url": "https://git.kernel.org/stable/c/4954b5359eb141499492fadfab891e28905509e2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4954b5359eb141499492fadfab891e28905509e2"
},
{
"url": "https://git.kernel.org/stable/c/634f066d02bdb22a26da7deb0c7617ab1a65fc9d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/634f066d02bdb22a26da7deb0c7617ab1a65fc9d"
},
{
"url": "https://git.kernel.org/stable/c/985a88bf0b27193522bba7856b1763f428cef19d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/985a88bf0b27193522bba7856b1763f428cef19d"
},
{
"url": "https://git.kernel.org/stable/c/6ce6f8f8f6316da6f92afe7490bc2f0b654d68e0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6ce6f8f8f6316da6f92afe7490bc2f0b654d68e0"
},
{
"url": "https://git.kernel.org/stable/c/40e4eb324c59e11fcb927aa46742d28aba6ecb8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/40e4eb324c59e11fcb927aa46742d28aba6ecb8a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49908.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49908",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix memory leak in vhci_write\n\nSyzkaller reports a memory leak as follows:\n====================================\nBUG: memory leak\nunreferenced object 0xffff88810d81ac00 (size 240):\n [...]\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff838733d9>] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:418\n [<ffffffff833f742f>] alloc_skb include/linux/skbuff.h:1257 [inline]\n [<ffffffff833f742f>] bt_skb_alloc include/net/bluetooth/bluetooth.h:469 [inline]\n [<ffffffff833f742f>] vhci_get_user drivers/bluetooth/hci_vhci.c:391 [inline]\n [<ffffffff833f742f>] vhci_write+0x5f/0x230 drivers/bluetooth/hci_vhci.c:511\n [<ffffffff815e398d>] call_write_iter include/linux/fs.h:2192 [inline]\n [<ffffffff815e398d>] new_sync_write fs/read_write.c:491 [inline]\n [<ffffffff815e398d>] vfs_write+0x42d/0x540 fs/read_write.c:578\n [<ffffffff815e3cdd>] ksys_write+0x9d/0x160 fs/read_write.c:631\n [<ffffffff845e0645>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [<ffffffff845e0645>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [<ffffffff84600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n====================================\n\nHCI core will uses hci_rx_work() to process frame, which is queued to\nthe hdev->rx_q tail in hci_recv_frame() by HCI driver.\n\nYet the problem is that, HCI core may not free the skb after handling\nACL data packets. To be more specific, when start fragment does not\ncontain the L2CAP length, HCI core just copies skb into conn->rx_skb and\nfinishes frame process in l2cap_recv_acldata(), without freeing the skb,\nwhich triggers the above memory leak.\n\nThis patch solves it by releasing the relative skb, after processing\nthe above case in l2cap_recv_acldata()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4d7ea8ee90e42fc75995f6fb24032d3233314528",
"version_value": "aa16cac06b752e5f609c106735bd7838f444784c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/aa16cac06b752e5f609c106735bd7838f444784c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aa16cac06b752e5f609c106735bd7838f444784c"
},
{
"url": "https://git.kernel.org/stable/c/5b4f039a2f487c5edae681d763fe1af505f84c13",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5b4f039a2f487c5edae681d763fe1af505f84c13"
},
{
"url": "https://git.kernel.org/stable/c/7c9524d929648935bac2bbb4c20437df8f9c3f42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7c9524d929648935bac2bbb4c20437df8f9c3f42"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

188
2022/49xxx/CVE-2022-49909.json
View File

@ -1,198 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49909",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: fix use-after-free in l2cap_conn_del()\n\nWhen l2cap_recv_frame() is invoked to receive data, and the cid is\nL2CAP_CID_A2MP, if the channel does not exist, it will create a channel.\nHowever, after a channel is created, the hold operation of the channel\nis not performed. In this case, the value of channel reference counting\nis 1. As a result, after hci_error_reset() is triggered, l2cap_conn_del()\ninvokes the close hook function of A2MP to release the channel. Then\n l2cap_chan_unlock(chan) will trigger UAF issue.\n\nThe process is as follows:\nReceive data:\nl2cap_data_channel()\n a2mp_channel_create() --->channel ref is 2\n l2cap_chan_put() --->channel ref is 1\n\nTriger event:\n hci_error_reset()\n hci_dev_do_close()\n ...\n l2cap_disconn_cfm()\n l2cap_conn_del()\n l2cap_chan_hold() --->channel ref is 2\n l2cap_chan_del() --->channel ref is 1\n a2mp_chan_close_cb() --->channel ref is 0, release channel\n l2cap_chan_unlock() --->UAF of channel\n\nThe detailed Call Trace is as follows:\nBUG: KASAN: use-after-free in __mutex_unlock_slowpath+0xa6/0x5e0\nRead of size 8 at addr ffff8880160664b8 by task kworker/u11:1/7593\nWorkqueue: hci0 hci_error_reset\nCall Trace:\n <TASK>\n dump_stack_lvl+0xcd/0x134\n print_report.cold+0x2ba/0x719\n kasan_report+0xb1/0x1e0\n kasan_check_range+0x140/0x190\n __mutex_unlock_slowpath+0xa6/0x5e0\n l2cap_conn_del+0x404/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n </TASK>\n\nAllocated by task 7593:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0xa9/0xd0\n l2cap_chan_create+0x40/0x930\n amp_mgr_create+0x96/0x990\n a2mp_channel_create+0x7d/0x150\n l2cap_recv_frame+0x51b8/0x9a70\n l2cap_recv_acldata+0xaa3/0xc00\n hci_rx_work+0x702/0x1220\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nFreed by task 7593:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_set_free_info+0x20/0x30\n ____kasan_slab_free+0x167/0x1c0\n slab_free_freelist_hook+0x89/0x1c0\n kfree+0xe2/0x580\n l2cap_chan_put+0x22a/0x2d0\n l2cap_conn_del+0x3fc/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d255c861e268ba342e855244639a15f12d7a0bf2",
"version_value": "db4a0783ed78beb2ebaa32f5f785bfd79c580689"
},
{
"version_affected": "<",
"version_name": "5bb395334392891dffae5a0e8f37dbe1d70496c9",
"version_value": "17c6164854f8bb80bf76f32b2c2f199c16b53703"
},
{
"version_affected": "<",
"version_name": "bbd1fdb0e1adf827997a93bf108f20ede038e56e",
"version_value": "7f7bfdd9a9af3b12c33d9da9a012e7f4d5c91f4b"
},
{
"version_affected": "<",
"version_name": "098e07ef0059296e710a801cdbd74b59016e6624",
"version_value": "c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab"
},
{
"version_affected": "<",
"version_name": "de5d4654ac6c22b1be756fdf7db18471e7df01ea",
"version_value": "d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd"
},
{
"version_affected": "<",
"version_name": "f32d5615a78a1256c4f557ccc6543866e75d03f4",
"version_value": "a3a7b2ac64de232edb67279e804932cb42f0b52a"
},
{
"version_affected": "<",
"version_name": "d0be8347c623e0ac4202a1d4e0373882821f56b0",
"version_value": "8f7e4cf0694149a5d999d676ebd9ecf1b4cb2cc9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/db4a0783ed78beb2ebaa32f5f785bfd79c580689",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/db4a0783ed78beb2ebaa32f5f785bfd79c580689"
},
{
"url": "https://git.kernel.org/stable/c/17c6164854f8bb80bf76f32b2c2f199c16b53703",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/17c6164854f8bb80bf76f32b2c2f199c16b53703"
},
{
"url": "https://git.kernel.org/stable/c/7f7bfdd9a9af3b12c33d9da9a012e7f4d5c91f4b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7f7bfdd9a9af3b12c33d9da9a012e7f4d5c91f4b"
},
{
"url": "https://git.kernel.org/stable/c/c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab"
},
{
"url": "https://git.kernel.org/stable/c/d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd"
},
{
"url": "https://git.kernel.org/stable/c/a3a7b2ac64de232edb67279e804932cb42f0b52a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a3a7b2ac64de232edb67279e804932cb42f0b52a"
},
{
"url": "https://git.kernel.org/stable/c/8f7e4cf0694149a5d999d676ebd9ecf1b4cb2cc9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8f7e4cf0694149a5d999d676ebd9ecf1b4cb2cc9"
},
{
"url": "https://git.kernel.org/stable/c/0d0e2d032811280b927650ff3c15fe5020e82533",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d0e2d032811280b927650ff3c15fe5020e82533"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49910.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49910",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu\n\nFix the race condition between the following two flows that run in\nparallel:\n\n1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) ->\n __sock_queue_rcv_skb.\n\n2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram.\n\nAn SKB can be queued by the first flow and immediately dequeued and\nfreed by the second flow, therefore the callers of l2cap_reassemble_sdu\ncan't use the SKB after that function returns. However, some places\ncontinue accessing struct l2cap_ctrl that resides in the SKB's CB for a\nshort time after l2cap_reassemble_sdu returns, leading to a\nuse-after-free condition (the stack trace is below, line numbers for\nkernel 5.19.8).\n\nFix it by keeping a local copy of struct l2cap_ctrl.\n\nBUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\nRead of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169\n\nWorkqueue: hci0 hci_rx_work [bluetooth]\nCall Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n </TASK>\n\nAllocated by task 43169:\n kasan_save_stack (mm/kasan/common.c:39)\n __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293)\n __alloc_skb (net/core/skbuff.c:414)\n l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth\n l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth\n hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth\n process_one_work (kernel/workqueue.c:2289)\n worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)\n kthread (kernel/kthread.c:376)\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n\nFreed by task 27920:\n kasan_save_stack (mm/kasan/common.c:39)\n kasan_set_track (mm/kasan/common.c:45)\n kasan_set_free_info (mm/kasan/generic.c:372)\n ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328)\n slab_free_freelist_hook (mm/slub.c:1780)\n kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553)\n skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323)\n bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth\n l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth\n sock_read_iter (net/socket.c:1087)\n new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401)\n vfs_read (fs/read_write.c:482)\n ksys_read (fs/read_write.c:620)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4b51dae96731c9d82f5634e75ac7ffd3b9c1b060",
"version_value": "dc30e05bb18852303084430c03ca76e69257d9ea"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dc30e05bb18852303084430c03ca76e69257d9ea",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dc30e05bb18852303084430c03ca76e69257d9ea"
},
{
"url": "https://git.kernel.org/stable/c/03af22e23b96fb7ef75fb7885407ef457e8b403d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/03af22e23b96fb7ef75fb7885407ef457e8b403d"
},
{
"url": "https://git.kernel.org/stable/c/6c7407bfbeafc80a04e6eaedcf34d378532a04f2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6c7407bfbeafc80a04e6eaedcf34d378532a04f2"
},
{
"url": "https://git.kernel.org/stable/c/4cd094fd5d872862ca278e15b9b51b07e915ef3f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4cd094fd5d872862ca278e15b9b51b07e915ef3f"
},
{
"url": "https://git.kernel.org/stable/c/cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569"
},
{
"url": "https://git.kernel.org/stable/c/8278a87bb1eeea94350d675ef961ee5a03341fde",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8278a87bb1eeea94350d675ef961ee5a03341fde"
},
{
"url": "https://git.kernel.org/stable/c/9a04161244603f502c6e453913e51edd59cb70c1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9a04161244603f502c6e453913e51edd59cb70c1"
},
{
"url": "https://git.kernel.org/stable/c/3aff8aaca4e36dc8b17eaa011684881a80238966",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3aff8aaca4e36dc8b17eaa011684881a80238966"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49911.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49911",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: enforce documented limit to prevent allocating huge memory\n\nDaniel Xu reported that the hash:net,iface type of the ipset subsystem does\nnot limit adding the same network with different interfaces to a set, which\ncan lead to huge memory usage or allocation failure.\n\nThe quick reproducer is\n\n$ ipset create ACL.IN.ALL_PERMIT hash:net,iface hashsize 1048576 timeout 0\n$ for i in $(seq 0 100); do /sbin/ipset add ACL.IN.ALL_PERMIT 0.0.0.0/0,kaf_$i timeout 0 -exist; done\n\nThe backtrace when vmalloc fails:\n\n [Tue Oct 25 00:13:08 2022] ipset: vmalloc error: size 1073741848, exceeds total pages\n <...>\n [Tue Oct 25 00:13:08 2022] Call Trace:\n [Tue Oct 25 00:13:08 2022] <TASK>\n [Tue Oct 25 00:13:08 2022] dump_stack_lvl+0x48/0x60\n [Tue Oct 25 00:13:08 2022] warn_alloc+0x155/0x180\n [Tue Oct 25 00:13:08 2022] __vmalloc_node_range+0x72a/0x760\n [Tue Oct 25 00:13:08 2022] ? hash_netiface4_add+0x7c0/0xb20\n [Tue Oct 25 00:13:08 2022] ? __kmalloc_large_node+0x4a/0x90\n [Tue Oct 25 00:13:08 2022] kvmalloc_node+0xa6/0xd0\n [Tue Oct 25 00:13:08 2022] ? hash_netiface4_resize+0x99/0x710\n <...>\n\nThe fix is to enforce the limit documented in the ipset(8) manpage:\n\n> The internal restriction of the hash:net,iface set type is that the same\n> network prefix cannot be stored with more than 64 different interfaces\n> in a single set."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "ccf0a4b7fc688561428290265e4effde41446668",
"version_value": "42d20d5e24575c9afa2d66d9a51e7386db9514f5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/42d20d5e24575c9afa2d66d9a51e7386db9514f5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/42d20d5e24575c9afa2d66d9a51e7386db9514f5"
},
{
"url": "https://git.kernel.org/stable/c/a37ef32fe5956fe9248df68f6a61997845ba047e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a37ef32fe5956fe9248df68f6a61997845ba047e"
},
{
"url": "https://git.kernel.org/stable/c/510841da1fcc16f702440ab58ef0b4d82a9056b7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/510841da1fcc16f702440ab58ef0b4d82a9056b7"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49912.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49912",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix ulist leaks in error paths of qgroup self tests\n\nIn the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests,\nif we fail to add the tree ref, remove the extent item or remove the\nextent ref, we are returning from the test function without freeing the\n\"old_roots\" ulist that was allocated by the previous calls to\nbtrfs_find_all_roots(). Fix that by calling ulist_free() before returning."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "442244c9633292a147ab2b29e7007a7c8a3909b2",
"version_value": "d81370396025cf63a7a1b5f8bb25a3479203b2ca"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.2",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d81370396025cf63a7a1b5f8bb25a3479203b2ca",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d81370396025cf63a7a1b5f8bb25a3479203b2ca"
},
{
"url": "https://git.kernel.org/stable/c/3f58283d83a588ff5da62fc150de19e798ed2ec2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f58283d83a588ff5da62fc150de19e798ed2ec2"
},
{
"url": "https://git.kernel.org/stable/c/203204798831c35d855ecc6417d98267d2d2184b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/203204798831c35d855ecc6417d98267d2d2184b"
},
{
"url": "https://git.kernel.org/stable/c/5d1a47ebf84540e40b5b43fc21aef0d6c0f627d9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5d1a47ebf84540e40b5b43fc21aef0d6c0f627d9"
},
{
"url": "https://git.kernel.org/stable/c/0a0dead4ad1a2e2a9bdf133ef45111d7c8daef84",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0a0dead4ad1a2e2a9bdf133ef45111d7c8daef84"
},
{
"url": "https://git.kernel.org/stable/c/f46ea5fa3320dca4fe0c0926b49a5f14cb85de62",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f46ea5fa3320dca4fe0c0926b49a5f14cb85de62"
},
{
"url": "https://git.kernel.org/stable/c/da7003434bcab0ae9aba3f2c003e734cae093326",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da7003434bcab0ae9aba3f2c003e734cae093326"
},
{
"url": "https://git.kernel.org/stable/c/d37de92b38932d40e4a251e876cc388f9aee5f42",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d37de92b38932d40e4a251e876cc388f9aee5f42"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2022/49xxx/CVE-2022-49913.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49913",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix inode list leak during backref walking at find_parent_nodes()\n\nDuring backref walking, at find_parent_nodes(), if we are dealing with a\ndata extent and we get an error while resolving the indirect backrefs, at\nresolve_indirect_refs(), or in the while loop that iterates over the refs\nin the direct refs rbtree, we end up leaking the inode lists attached to\nthe direct refs we have in the direct refs rbtree that were not yet added\nto the refs ulist passed as argument to find_parent_nodes(). Since they\nwere not yet added to the refs ulist and prelim_release() does not free\nthe lists, on error the caller can only free the lists attached to the\nrefs that were added to the refs ulist, all the remaining refs get their\ninode lists never freed, therefore leaking their memory.\n\nFix this by having prelim_release() always free any attached inode list\nto each ref found in the rbtree, and have find_parent_nodes() set the\nref's inode list to NULL once it transfers ownership of the inode list\nto a ref added to the refs ulist passed to find_parent_nodes()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "86d5f994425252d8a40e2184c94a2682ae8ecfbf",
"version_value": "6a6731a0df8c47ecc703bd7bb73459df767051e0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/6a6731a0df8c47ecc703bd7bb73459df767051e0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6a6731a0df8c47ecc703bd7bb73459df767051e0"
},
{
"url": "https://git.kernel.org/stable/c/61e06128113711df0534c404fb6bb528eb7d2332",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/61e06128113711df0534c404fb6bb528eb7d2332"
},
{
"url": "https://git.kernel.org/stable/c/222a3d533027b9492d5b7f5ecdc01a90f57bb5a9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/222a3d533027b9492d5b7f5ecdc01a90f57bb5a9"
},
{
"url": "https://git.kernel.org/stable/c/83ea8c5b54d452a5769e605e3c5c687e8ca06d89",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/83ea8c5b54d452a5769e605e3c5c687e8ca06d89"
},
{
"url": "https://git.kernel.org/stable/c/92876eec382a0f19f33d09d2c939e9ca49038ae5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/92876eec382a0f19f33d09d2c939e9ca49038ae5"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

147
2022/49xxx/CVE-2022-49914.json
View File

@ -1,157 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49914",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix inode list leak during backref walking at resolve_indirect_refs()\n\nDuring backref walking, at resolve_indirect_refs(), if we get an error\nwe jump to the 'out' label and call ulist_free() on the 'parents' ulist,\nwhich frees all the elements in the ulist - however that does not free\nany inode lists that may be attached to elements, through the 'aux' field\nof a ulist node, so we end up leaking lists if we have any attached to\nthe unodes.\n\nFix this by calling free_leaf_list() instead of ulist_free() when we exit\nfrom resolve_indirect_refs(). The static function free_leaf_list() is\nmoved up for this to be possible and it's slightly simplified by removing\nunnecessary code."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3301958b7c1dae8f0f5ded63aa881e0b71e78464",
"version_value": "b1dc9019bb5f89abae85645de1a2dd4830c1f8e9"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.5",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.5",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b1dc9019bb5f89abae85645de1a2dd4830c1f8e9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b1dc9019bb5f89abae85645de1a2dd4830c1f8e9"
},
{
"url": "https://git.kernel.org/stable/c/cded2c89774b99b67c98147ae103ea878c92a206",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cded2c89774b99b67c98147ae103ea878c92a206"
},
{
"url": "https://git.kernel.org/stable/c/2c0329406bb28109c07c6e23e5e3e0fa618a95d7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2c0329406bb28109c07c6e23e5e3e0fa618a95d7"
},
{
"url": "https://git.kernel.org/stable/c/a52e24c7fcc3c5ce3588a14e3663c00868d36623",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a52e24c7fcc3c5ce3588a14e3663c00868d36623"
},
{
"url": "https://git.kernel.org/stable/c/6ba3479f9e96b9ad460c7e77abc26dd16e5dec4f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6ba3479f9e96b9ad460c7e77abc26dd16e5dec4f"
},
{
"url": "https://git.kernel.org/stable/c/396515db923ad5cbeb179d6b88927870b4cbebb7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/396515db923ad5cbeb179d6b88927870b4cbebb7"
},
{
"url": "https://git.kernel.org/stable/c/5614dc3a47e3310fbc77ea3b67eaadd1c6417bf1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5614dc3a47e3310fbc77ea3b67eaadd1c6417bf1"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49915.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49915",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_register_device()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device's\nbus_id string array\"), the name of device is allocated dynamically,\nadd put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nSet device class before put_device() to avoid null release() function\nWARN message in device_release()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1fa5ae857bb14f6046205171d98506d8112dd74e",
"version_value": "d1d1aede313eb2b9a84afd60ff6cfb7c33631e0e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.30",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.30",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d1d1aede313eb2b9a84afd60ff6cfb7c33631e0e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d1d1aede313eb2b9a84afd60ff6cfb7c33631e0e"
},
{
"url": "https://git.kernel.org/stable/c/080aabfb29b2ee9cbb8894a1d039651943d3773e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/080aabfb29b2ee9cbb8894a1d039651943d3773e"
},
{
"url": "https://git.kernel.org/stable/c/a636fc5a7cabd05699b5692ad838c2c7a3abec7b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a636fc5a7cabd05699b5692ad838c2c7a3abec7b"
},
{
"url": "https://git.kernel.org/stable/c/2ff6b669523d3b3d253a044fa9636a67d0694995",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ff6b669523d3b3d253a044fa9636a67d0694995"
},
{
"url": "https://git.kernel.org/stable/c/e77d213843e67b4373285712699b692f9c743f61",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e77d213843e67b4373285712699b692f9c743f61"
},
{
"url": "https://git.kernel.org/stable/c/029d5b7688a2f3a86f2a3be5a6ba9cc968c80e41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/029d5b7688a2f3a86f2a3be5a6ba9cc968c80e41"
},
{
"url": "https://git.kernel.org/stable/c/0d4e91efcaee081e919b3c50e875ecbb84290e41",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0d4e91efcaee081e919b3c50e875ecbb84290e41"
},
{
"url": "https://git.kernel.org/stable/c/e7d1d4d9ac0dfa40be4c2c8abd0731659869b297",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e7d1d4d9ac0dfa40be4c2c8abd0731659869b297"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

188
2022/49xxx/CVE-2022-49916.json
View File

@ -1,198 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49916",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: Fix NULL pointer dereference in rose_send_frame()\n\nThe syzkaller reported an issue:\n\nKASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]\nCPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: rcu_gp srcu_invoke_callbacks\nRIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101\nCall Trace:\n <IRQ>\n rose_transmit_clear_request+0x1d5/0x290 net/rose/rose_link.c:255\n rose_rx_call_request+0x4c0/0x1bc0 net/rose/af_rose.c:1009\n rose_loopback_timer+0x19e/0x590 net/rose/rose_loopback.c:111\n call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790\n __run_timers kernel/time/timer.c:1768 [inline]\n run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803\n __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571\n [...]\n </IRQ>\n\nIt triggers NULL pointer dereference when 'neigh->dev->dev_addr' is\ncalled in the rose_send_frame(). It's the first occurrence of the\n`neigh` is in rose_loopback_timer() as `rose_loopback_neigh', and\nthe 'dev' in 'rose_loopback_neigh' is initialized sa nullptr.\n\nIt had been fixed by commit 3b3fd068c56e3fbea30090859216a368398e39bf\n(\"rose: Fix Null pointer dereference in rose_send_frame()\") ever.\nBut it's introduced by commit 3c53cd65dece47dd1f9d3a809f32e59d1d87b2b8\n(\"rose: check NULL rose_loopback_neigh->loopback\") again.\n\nWe fix it by add NULL check in rose_transmit_clear_request(). When\nthe 'dev' in 'neigh' is NULL, we don't reply the request and just\nclear it.\n\nsyzkaller don't provide repro, and I provide a syz repro like:\nr0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)\nioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'rose0\\x00', 0x201})\nr1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)\nbind$rose(r1, &(0x7f00000000c0)=@full={0xb, @dev, @null, 0x0, [@null, @null, @netrom, @netrom, @default, @null]}, 0x40)\nconnect$rose(r1, &(0x7f0000000240)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "76885373129b13df35ecc9b4ee86ea5840f12133",
"version_value": "01b9c68c121847d05a4ccef68244dadf82bfa331"
},
{
"version_affected": "<",
"version_name": "b8f9de195d6303f52bae16c7911f35ac14ba7e3d",
"version_value": "bbc03d74e641e824754443b908454ca9e203773e"
},
{
"version_affected": "<",
"version_name": "0aae33feb7a56b28318f92c960a3d08d9c305984",
"version_value": "5b46adfbee1e429f33b10a88d6c00fa88f3d6c77"
},
{
"version_affected": "<",
"version_name": "6e4b20d548fc97ecbdca15c8d96302ee5e3e6313",
"version_value": "b13be5e852b03f376058027e462fad4230240891"
},
{
"version_affected": "<",
"version_name": "de3deadd11987070788b48825bec4647458b988d",
"version_value": "f06186e5271b980bac03f5c97276ed0146ddc9b0"
},
{
"version_affected": "<",
"version_name": "9cf85759e104d7e9c3fd8920a554195b715d6797",
"version_value": "3e2129c67daca21043a26575108f6286c85e71f6"
},
{
"version_affected": "<",
"version_name": "3c53cd65dece47dd1f9d3a809f32e59d1d87b2b8",
"version_value": "a601e5eded33bb88b8a42743db8fef3ad41dd97e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/01b9c68c121847d05a4ccef68244dadf82bfa331",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/01b9c68c121847d05a4ccef68244dadf82bfa331"
},
{
"url": "https://git.kernel.org/stable/c/bbc03d74e641e824754443b908454ca9e203773e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbc03d74e641e824754443b908454ca9e203773e"
},
{
"url": "https://git.kernel.org/stable/c/5b46adfbee1e429f33b10a88d6c00fa88f3d6c77",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5b46adfbee1e429f33b10a88d6c00fa88f3d6c77"
},
{
"url": "https://git.kernel.org/stable/c/b13be5e852b03f376058027e462fad4230240891",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b13be5e852b03f376058027e462fad4230240891"
},
{
"url": "https://git.kernel.org/stable/c/f06186e5271b980bac03f5c97276ed0146ddc9b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f06186e5271b980bac03f5c97276ed0146ddc9b0"
},
{
"url": "https://git.kernel.org/stable/c/3e2129c67daca21043a26575108f6286c85e71f6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3e2129c67daca21043a26575108f6286c85e71f6"
},
{
"url": "https://git.kernel.org/stable/c/a601e5eded33bb88b8a42743db8fef3ad41dd97e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a601e5eded33bb88b8a42743db8fef3ad41dd97e"
},
{
"url": "https://git.kernel.org/stable/c/e97c089d7a49f67027395ddf70bf327eeac2611e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e97c089d7a49f67027395ddf70bf327eeac2611e"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

136
2022/49xxx/CVE-2022-49917.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49917",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in ip_vs_app_net_cleanup()\n\nDuring the initialization of ip_vs_app_net_init(), if file ip_vs_app\nfails to be created, the initialization is successful by default.\nTherefore, the ip_vs_app file doesn't be found during the remove in\nip_vs_app_net_cleanup(). It will cause WRNING.\n\nThe following is the stack information:\nname 'ip_vs_app'\nWARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n<TASK>\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n</TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "457c4cbc5a3dde259d2a1f15d5f9785290397267",
"version_value": "adc76740ccd52e4a1d910767cd1223e134a7078b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.24",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.24",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/adc76740ccd52e4a1d910767cd1223e134a7078b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/adc76740ccd52e4a1d910767cd1223e134a7078b"
},
{
"url": "https://git.kernel.org/stable/c/8457a00c981fe1a799ce34123908856b0f5973b8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8457a00c981fe1a799ce34123908856b0f5973b8"
},
{
"url": "https://git.kernel.org/stable/c/2c8d81bdb2684d53d6cedad7410ba4cf9090e343",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2c8d81bdb2684d53d6cedad7410ba4cf9090e343"
},
{
"url": "https://git.kernel.org/stable/c/06d7596d18725f1a93cf817662d36050e5afb989",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/06d7596d18725f1a93cf817662d36050e5afb989"
},
{
"url": "https://git.kernel.org/stable/c/97f872b00937f2689bff2dab4ad9ed259482840f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/97f872b00937f2689bff2dab4ad9ed259482840f"
},
{
"url": "https://git.kernel.org/stable/c/5663ed63adb9619c98ab7479aa4606fa9b7a548c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5663ed63adb9619c98ab7479aa4606fa9b7a548c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

136
2022/49xxx/CVE-2022-49918.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49918",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in __ip_vs_cleanup_batch()\n\nDuring the initialization of ip_vs_conn_net_init(), if file ip_vs_conn\nor ip_vs_conn_sync fails to be created, the initialization is successful\nby default. Therefore, the ip_vs_conn or ip_vs_conn_sync file doesn't\nbe found during the remove.\n\nThe following is the stack information:\nname 'ip_vs_conn_sync'\nWARNING: CPU: 3 PID: 9 at fs/proc/generic.c:712\nremove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n<TASK>\n__ip_vs_cleanup_batch+0x7d/0x120\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n</TASK>"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "61b1ab4583e275af216c8454b9256de680499b19",
"version_value": "f08ee2aa24c076f81d84e26e213d8c6f4efd9f50"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.39",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.39",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f08ee2aa24c076f81d84e26e213d8c6f4efd9f50",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f08ee2aa24c076f81d84e26e213d8c6f4efd9f50"
},
{
"url": "https://git.kernel.org/stable/c/7effc4ce3d1434ce6ff286866585a6e905fdbfc1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7effc4ce3d1434ce6ff286866585a6e905fdbfc1"
},
{
"url": "https://git.kernel.org/stable/c/931f56d59c854263b32075bfac56fdb3b1598d1b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/931f56d59c854263b32075bfac56fdb3b1598d1b"
},
{
"url": "https://git.kernel.org/stable/c/5ee2d6b726b0ce339e36569e5849692f4cf4595e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ee2d6b726b0ce339e36569e5849692f4cf4595e"
},
{
"url": "https://git.kernel.org/stable/c/e724220b826e008764309d2a1f55a9434a4e1530",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e724220b826e008764309d2a1f55a9434a4e1530"
},
{
"url": "https://git.kernel.org/stable/c/3d00c6a0da8ddcf75213e004765e4a42acc71d5d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3d00c6a0da8ddcf75213e004765e4a42acc71d5d"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

140
2022/49xxx/CVE-2022-49919.json
View File

@ -1,150 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49919",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release flow rule object from commit path\n\nNo need to postpone this to the commit release path, since no packets\nare walking over this object, this is accessed from control plane only.\nThis helped uncovered UAF triggered by races with the netlink notifier."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5b8d63489c3b701eb2a76f848ec94d8cbc9373b9",
"version_value": "74fd5839467054cd9c4d050614d3ee8788386171"
},
{
"version_affected": "<",
"version_name": "330c0c6cd2150a2d7f47af16aa590078b0d2f736",
"version_value": "b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e"
},
{
"version_affected": "<",
"version_name": "e33d9bd563e71f6c6528b96008d65524a459c4dc",
"version_value": "6044791b7be707fd0e709f26e961a446424e5051"
},
{
"version_affected": "<",
"version_name": "9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3",
"version_value": "4ab6f96444e936f5e4a936d5c0bc948144bcded3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.19",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/74fd5839467054cd9c4d050614d3ee8788386171",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/74fd5839467054cd9c4d050614d3ee8788386171"
},
{
"url": "https://git.kernel.org/stable/c/b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e"
},
{
"url": "https://git.kernel.org/stable/c/6044791b7be707fd0e709f26e961a446424e5051",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6044791b7be707fd0e709f26e961a446424e5051"
},
{
"url": "https://git.kernel.org/stable/c/4ab6f96444e936f5e4a936d5c0bc948144bcded3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4ab6f96444e936f5e4a936d5c0bc948144bcded3"
},
{
"url": "https://git.kernel.org/stable/c/26b5934ff4194e13196bedcba373cd4915071d0e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/26b5934ff4194e13196bedcba373cd4915071d0e"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49920.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49920",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: netlink notifier might race to release objects\n\ncommit release path is invoked via call_rcu and it runs lockless to\nrelease the objects after rcu grace period. The netlink notifier handler\nmight win race to remove objects that the transaction context is still\nreferencing from the commit release path.\n\nCall rcu_barrier() to ensure pending rcu callbacks run to completion\nif the list of transactions to be destroyed is not empty."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6001a930ce0378b62210d4f83583fc88a903d89d",
"version_value": "1ffe7100411a8b9015115ce124cd6c9c9da6f8e3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/1ffe7100411a8b9015115ce124cd6c9c9da6f8e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ffe7100411a8b9015115ce124cd6c9c9da6f8e3"
},
{
"url": "https://git.kernel.org/stable/c/e40b7c44d19e327ad8b49a491ef1fa8dcc4566e0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e40b7c44d19e327ad8b49a491ef1fa8dcc4566e0"
},
{
"url": "https://git.kernel.org/stable/c/d4bc8271db21ea9f1c86a1ca4d64999f184d4aae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d4bc8271db21ea9f1c86a1ca4d64999f184d4aae"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49921.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49921",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Fix use after free in red_enqueue()\n\nWe can't use \"skb\" again after passing it to qdisc_enqueue(). This is\nbasically identical to commit 2f09707d0c97 (\"sch_sfb: Also store skb\nlen before calling child enqueue\")."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d7f4f332f082c4d4ba53582f902ed6b44fd6f45e",
"version_value": "795afe0b9bb6c915f0299a8e309936519be01619"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.7",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/795afe0b9bb6c915f0299a8e309936519be01619",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/795afe0b9bb6c915f0299a8e309936519be01619"
},
{
"url": "https://git.kernel.org/stable/c/a238cdcf2bdc72207c74375fc8be13ee549ca9db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a238cdcf2bdc72207c74375fc8be13ee549ca9db"
},
{
"url": "https://git.kernel.org/stable/c/e877f8fa49fbccc63cb2df2e9179bddc695b825a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e877f8fa49fbccc63cb2df2e9179bddc695b825a"
},
{
"url": "https://git.kernel.org/stable/c/52e0429471976785c155bfbf51d80990c6cd46e2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52e0429471976785c155bfbf51d80990c6cd46e2"
},
{
"url": "https://git.kernel.org/stable/c/5960b9081baca85cc7dcb14aec1de85999ea9d36",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5960b9081baca85cc7dcb14aec1de85999ea9d36"
},
{
"url": "https://git.kernel.org/stable/c/fc4b50adb400ee5ec527a04073174e8e73a139fa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fc4b50adb400ee5ec527a04073174e8e73a139fa"
},
{
"url": "https://git.kernel.org/stable/c/170e5317042c302777ed6d59fdb84af9b0219d4e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/170e5317042c302777ed6d59fdb84af9b0219d4e"
},
{
"url": "https://git.kernel.org/stable/c/8bdc2acd420c6f3dd1f1c78750ec989f02a1e2b9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8bdc2acd420c6f3dd1f1c78750ec989f02a1e2b9"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49922.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49922",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()\n\nnfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb\nshould be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send()\nwill only free skb when i2c_master_send() return >=0, which means skb\nwill memleak when i2c_master_send() failed. Free skb no matter whether\ni2c_master_send() succeeds."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "b5b3e23e4cace008e1a30e8614a484d14dfd07a1",
"version_value": "dd0ee55ead91fbb16889dbe7ff0b0f7c9e4e849d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dd0ee55ead91fbb16889dbe7ff0b0f7c9e4e849d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dd0ee55ead91fbb16889dbe7ff0b0f7c9e4e849d"
},
{
"url": "https://git.kernel.org/stable/c/825656ae61e73ddc05f585e6258d284c87064b10",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/825656ae61e73ddc05f585e6258d284c87064b10"
},
{
"url": "https://git.kernel.org/stable/c/c8e7d4a1166f063703955f1b2e765a6db5bf1771",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c8e7d4a1166f063703955f1b2e765a6db5bf1771"
},
{
"url": "https://git.kernel.org/stable/c/f30060efcf18883748a0541aa41acef183cd9c0e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f30060efcf18883748a0541aa41acef183cd9c0e"
},
{
"url": "https://git.kernel.org/stable/c/52438e734c1566f5e2bcd9a065d2d65e306c0555",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52438e734c1566f5e2bcd9a065d2d65e306c0555"
},
{
"url": "https://git.kernel.org/stable/c/5dfdac5e3f8db5f4445228c44f64091045644a3b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5dfdac5e3f8db5f4445228c44f64091045644a3b"
},
{
"url": "https://git.kernel.org/stable/c/92a1df9c6da20c02cf9872f8b025a66ddb307aeb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/92a1df9c6da20c02cf9872f8b025a66ddb307aeb"
},
{
"url": "https://git.kernel.org/stable/c/93d904a734a74c54d945a9884b4962977f1176cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/93d904a734a74c54d945a9884b4962977f1176cd"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49923.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49923",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nxp-nci: Fix potential memory leak in nxp_nci_send()\n\nnxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when\nnxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write()\nrun succeeds, the skb will not be freed in nxp_nci_i2c_write(). As the\nresult, the skb will memleak. nxp_nci_send() should also free the skb\nwhen nxp_nci_i2c_write() succeeds."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "dece45855a8b0d1dcf48eb01d0822070ded6a4c8",
"version_value": "9ae2c9a91ff068f4c3e392f47e8e26a1c9f85ebb"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9ae2c9a91ff068f4c3e392f47e8e26a1c9f85ebb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9ae2c9a91ff068f4c3e392f47e8e26a1c9f85ebb"
},
{
"url": "https://git.kernel.org/stable/c/3cba1f061bfe23fece2841129ca2862cdec29d5c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3cba1f061bfe23fece2841129ca2862cdec29d5c"
},
{
"url": "https://git.kernel.org/stable/c/3ecf0f4227029b2c42e036b10ff6e5d09e20821e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3ecf0f4227029b2c42e036b10ff6e5d09e20821e"
},
{
"url": "https://git.kernel.org/stable/c/7bf1ed6aff0f70434bd0cdd45495e83f1dffb551",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7bf1ed6aff0f70434bd0cdd45495e83f1dffb551"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

114
2022/49xxx/CVE-2022-49924.json
View File

@ -1,124 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49924",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: Fix potential memory leak in fdp_nci_send()\n\nfdp_nci_send() will call fdp_nci_i2c_write that will not free skb in\nthe function. As a result, when fdp_nci_i2c_write() finished, the skb\nwill memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write()\nfinished."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a06347c04c13e380afce0c9816df51f00b83faf1",
"version_value": "e8c11ee2d07f7c4dfa2ac0ea8efc4f627e58ea57"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e8c11ee2d07f7c4dfa2ac0ea8efc4f627e58ea57",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e8c11ee2d07f7c4dfa2ac0ea8efc4f627e58ea57"
},
{
"url": "https://git.kernel.org/stable/c/44bc1868a4f542502ea2221fe5ad88ca66d1c6b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/44bc1868a4f542502ea2221fe5ad88ca66d1c6b6"
},
{
"url": "https://git.kernel.org/stable/c/1a7a898f8f7b56c0eaa2baf67a0c96235a30bc29",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1a7a898f8f7b56c0eaa2baf67a0c96235a30bc29"
},
{
"url": "https://git.kernel.org/stable/c/8e4aae6b8ca76afb1fb64dcb24be44ba814e7f8a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e4aae6b8ca76afb1fb64dcb24be44ba814e7f8a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

125
2022/49xxx/CVE-2022-49925.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49925",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix null-ptr-deref in ib_core_cleanup()\n\nKASAN reported a null-ptr-deref error:\n\n KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n CPU: 1 PID: 379\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:destroy_workqueue+0x2f/0x740\n RSP: 0018:ffff888016137df8 EFLAGS: 00000202\n ...\n Call Trace:\n ib_core_cleanup+0xa/0xa1 [ib_core]\n __do_sys_delete_module.constprop.0+0x34f/0x5b0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7fa1a0d221b7\n ...\n\nIt is because the fail of roce_gid_mgmt_init() is ignored:\n\n ib_core_init()\n roce_gid_mgmt_init()\n gid_cache_wq = alloc_ordered_workqueue # fail\n ...\n ib_core_cleanup()\n roce_gid_mgmt_cleanup()\n destroy_workqueue(gid_cache_wq)\n # destroy an unallocated wq\n\nFix this by catching the fail of roce_gid_mgmt_init() in ib_core_init()."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "03db3a2d81e6e84f3ed3cb9e087cae17d762642b",
"version_value": "af8fb5a0600e9ae29950e9422a032c3c22649ee5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/af8fb5a0600e9ae29950e9422a032c3c22649ee5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/af8fb5a0600e9ae29950e9422a032c3c22649ee5"
},
{
"url": "https://git.kernel.org/stable/c/d360e875c011a005628525bf290322058927e7dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d360e875c011a005628525bf290322058927e7dc"
},
{
"url": "https://git.kernel.org/stable/c/6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5"
},
{
"url": "https://git.kernel.org/stable/c/ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9"
},
{
"url": "https://git.kernel.org/stable/c/07c0d131cc0fe1f3981a42958fc52d573d303d89",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/07c0d131cc0fe1f3981a42958fc52d573d303d89"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

147
2022/49xxx/CVE-2022-49926.json
View File

@ -1,157 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49926",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Fix possible memory leaks in dsa_loop_init()\n\nkmemleak reported memory leaks in dsa_loop_init():\n\nkmemleak: 12 new suspected memory leaks\n\nunreferenced object 0xffff8880138ce000 (size 2048):\n comm \"modprobe\", pid 390, jiffies 4295040478 (age 238.976s)\n backtrace:\n [<000000006a94f1d5>] kmalloc_trace+0x26/0x60\n [<00000000a9c44622>] phy_device_create+0x5d/0x970\n [<00000000d0ee2afc>] get_phy_device+0xf3/0x2b0\n [<00000000dca0c71f>] __fixed_phy_register.part.0+0x92/0x4e0\n [<000000008a834798>] fixed_phy_register+0x84/0xb0\n [<0000000055223fcb>] dsa_loop_init+0xa9/0x116 [dsa_loop]\n ...\n\nThere are two reasons for memleak in dsa_loop_init().\n\nFirst, fixed_phy_register() create and register phy_device:\n\nfixed_phy_register()\n get_phy_device()\n phy_device_create() # freed by phy_device_free()\n phy_device_register() # freed by phy_device_remove()\n\nBut fixed_phy_unregister() only calls phy_device_remove().\nSo the memory allocated in phy_device_create() is leaked.\n\nSecond, when mdio_driver_register() fail in dsa_loop_init(),\nit just returns and there is no cleanup for phydevs.\n\nFix the problems by catching the error of mdio_driver_register()\nin dsa_loop_init(), then calling both fixed_phy_unregister() and\nphy_device_free() to release phydevs.\nAlso add a function for phydevs cleanup to avoid duplacate."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"version_value": "935b4beb724946a37cebf97191592d4879d3a3a3"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/935b4beb724946a37cebf97191592d4879d3a3a3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/935b4beb724946a37cebf97191592d4879d3a3a3"
},
{
"url": "https://git.kernel.org/stable/c/d593e1ede655b74c42e4e4fe285ea64aee96fb5c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d593e1ede655b74c42e4e4fe285ea64aee96fb5c"
},
{
"url": "https://git.kernel.org/stable/c/bbc5d7b46a729bfcbb5544f6612b7a67dd4f4d6f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bbc5d7b46a729bfcbb5544f6612b7a67dd4f4d6f"
},
{
"url": "https://git.kernel.org/stable/c/37a098fc9b42bd7fce66764866aa514639667b6e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/37a098fc9b42bd7fce66764866aa514639667b6e"
},
{
"url": "https://git.kernel.org/stable/c/9f555b1584fc2d5d16ee3c4d9438e93ac7c502c7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9f555b1584fc2d5d16ee3c4d9438e93ac7c502c7"
},
{
"url": "https://git.kernel.org/stable/c/4d2024b138d9f7b02ae13ee997fd3a71e9e46254",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4d2024b138d9f7b02ae13ee997fd3a71e9e46254"
},
{
"url": "https://git.kernel.org/stable/c/633efc8b3dc96f56f5a57f2a49764853a2fa3f50",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/633efc8b3dc96f56f5a57f2a49764853a2fa3f50"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

158
2022/49xxx/CVE-2022-49927.json
View File

@ -1,168 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49927",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4: Fix kmemleak when allocate slot failed\n\nIf one of the slot allocate failed, should cleanup all the other\nallocated slots, otherwise, the allocated slots will leak:\n\n unreferenced object 0xffff8881115aa100 (size 64):\n comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (age 115.037s)\n hex dump (first 32 bytes):\n 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<000000007a4c434a>] nfs4_find_or_create_slot+0x8e/0x130\n [<000000005472a39c>] nfs4_realloc_slot_table+0x23f/0x270\n [<00000000cd8ca0eb>] nfs40_init_client+0x4a/0x90\n [<00000000128486db>] nfs4_init_client+0xce/0x270\n [<000000008d2cacad>] nfs4_set_client+0x1a2/0x2b0\n [<000000000e593b52>] nfs4_create_server+0x300/0x5f0\n [<00000000e4425dd2>] nfs4_try_get_tree+0x65/0x110\n [<00000000d3a6176f>] vfs_get_tree+0x41/0xf0\n [<0000000016b5ad4c>] path_mount+0x9b3/0xdd0\n [<00000000494cae71>] __x64_sys_mount+0x190/0x1d0\n [<000000005d56bdec>] do_syscall_64+0x35/0x80\n [<00000000687c9ae4>] entry_SYSCALL_64_after_hwframe+0x46/0xb0"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "abf79bb341bf52f75f295b850abdf5f78f584311",
"version_value": "84b5cb476903003ae9ca88f32b57ff0eaefa6d4c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.333",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.299",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.265",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/84b5cb476903003ae9ca88f32b57ff0eaefa6d4c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/84b5cb476903003ae9ca88f32b57ff0eaefa6d4c"
},
{
"url": "https://git.kernel.org/stable/c/aae35a0c8a775fa4afa6a4e7dab3f936f1f89bbb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/aae35a0c8a775fa4afa6a4e7dab3f936f1f89bbb"
},
{
"url": "https://git.kernel.org/stable/c/86ce0e93cf6fb4d0c447323ac66577c642628b9d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/86ce0e93cf6fb4d0c447323ac66577c642628b9d"
},
{
"url": "https://git.kernel.org/stable/c/925cb538bd5851154602818dc80bf4b4d924c127",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/925cb538bd5851154602818dc80bf4b4d924c127"
},
{
"url": "https://git.kernel.org/stable/c/45aea4fbf61e205649c29200726b9f45c1718a67",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/45aea4fbf61e205649c29200726b9f45c1718a67"
},
{
"url": "https://git.kernel.org/stable/c/24641993a7dce6b1628645f4e1d97ca06c9f765d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/24641993a7dce6b1628645f4e1d97ca06c9f765d"
},
{
"url": "https://git.kernel.org/stable/c/db333ae981fb8843c383aa7dbf62cc682597d401",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/db333ae981fb8843c383aa7dbf62cc682597d401"
},
{
"url": "https://git.kernel.org/stable/c/7e8436728e22181c3f12a5dbabd35ed3a8b8c593",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7e8436728e22181c3f12a5dbabd35ed3a8b8c593"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

103
2022/49xxx/CVE-2022-49928.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49928",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix null-ptr-deref when xps sysfs alloc failed\n\nThere is a null-ptr-deref when xps sysfs alloc failed:\n BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0\n Read of size 8 at addr 0000000000000030 by task gssproxy/457\n\n CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9\n Call Trace:\n <TASK>\n dump_stack_lvl+0x34/0x44\n kasan_report+0xa3/0x120\n sysfs_do_create_link_sd+0x40/0xd0\n rpc_sysfs_client_setup+0x161/0x1b0\n rpc_new_client+0x3fc/0x6e0\n rpc_create_xprt+0x71/0x220\n rpc_create+0x1d4/0x350\n gssp_rpc_create+0xc3/0x160\n set_gssp_clnt+0xbc/0x140\n write_gssp+0x116/0x1a0\n proc_reg_write+0xd6/0x130\n vfs_write+0x177/0x690\n ksys_write+0xb9/0x150\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nWhen the xprt_switch sysfs alloc failed, should not add xprt and\nswitch sysfs to it, otherwise, maybe null-ptr-deref; also initialize\nthe 'xps_sysfs' to NULL to avoid oops when destroy it."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "baea99445dd4675a834e8a5987d2f368adb62e6c",
"version_value": "d59722d088a9d86ce6d9d39979e5d1d669d249f7"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/d59722d088a9d86ce6d9d39979e5d1d669d249f7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d59722d088a9d86ce6d9d39979e5d1d669d249f7"
},
{
"url": "https://git.kernel.org/stable/c/7b189b0aa8dab14b49c31c65af8a982e96e25b62",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7b189b0aa8dab14b49c31c65af8a982e96e25b62"
},
{
"url": "https://git.kernel.org/stable/c/cbdeaee94a415800c65a8c3fa04d9664a8b8fb3a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cbdeaee94a415800c65a8c3fa04d9664a8b8fb3a"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49929.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49929",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix mr leak in RESPST_ERR_RNR\n\nrxe_recheck_mr() will increase mr's ref_cnt, so we should call rxe_put(mr)\nto drop mr's ref_cnt in RESPST_ERR_RNR to avoid below warning:\n\n WARNING: CPU: 0 PID: 4156 at drivers/infiniband/sw/rxe/rxe_pool.c:259 __rxe_cleanup+0x1df/0x240 [rdma_rxe]\n...\n Call Trace:\n rxe_dereg_mr+0x4c/0x60 [rdma_rxe]\n ib_dereg_mr_user+0xa8/0x200 [ib_core]\n ib_mr_pool_destroy+0x77/0xb0 [ib_core]\n nvme_rdma_destroy_queue_ib+0x89/0x240 [nvme_rdma]\n nvme_rdma_free_queue+0x40/0x50 [nvme_rdma]\n nvme_rdma_teardown_io_queues.part.0+0xc3/0x120 [nvme_rdma]\n nvme_rdma_error_recovery_work+0x4d/0xf0 [nvme_rdma]\n process_one_work+0x582/0xa40\n ? pwq_dec_nr_in_flight+0x100/0x100\n ? rwlock_bug.part.0+0x60/0x60\n worker_thread+0x2a9/0x700\n ? process_one_work+0xa40/0xa40\n kthread+0x168/0x1a0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8a1a0be894da0d06bfbb496cc2dc3057fa83e103",
"version_value": "50b35ad2864a9d66f802f9ce193d99bbef64e219"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.18",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/50b35ad2864a9d66f802f9ce193d99bbef64e219",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/50b35ad2864a9d66f802f9ce193d99bbef64e219"
},
{
"url": "https://git.kernel.org/stable/c/b5f9a01fae42684648c2ee3cd9985f80c67ab9f7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b5f9a01fae42684648c2ee3cd9985f80c67ab9f7"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

92
2022/49xxx/CVE-2022-49930.json
View File

@ -1,102 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49930",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer problem in free_mr_init()\n\nLock grab occurs in a concurrent scenario, resulting in stepping on a NULL\npointer. It should be init mutex_init() first before use the lock.\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Call trace:\n __mutex_lock.constprop.0+0xd0/0x5c0\n __mutex_lock_slowpath+0x1c/0x2c\n mutex_lock+0x44/0x50\n free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2]\n hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2]\n hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2]\n ib_dereg_mr_user+0x54/0x124\n uverbs_free_mr+0x24/0x30\n destroy_hw_idr_uobject+0x38/0x74\n uverbs_destroy_uobject+0x48/0x1c4\n uobj_destroy+0x74/0xcc\n ib_uverbs_cmd_verbs+0x368/0xbb0\n ib_uverbs_ioctl+0xec/0x1a4\n __arm64_sys_ioctl+0xb4/0x100\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0x58/0x190\n do_el0_svc+0x30/0x90\n el0_svc+0x2c/0xb4\n el0t_64_sync_handler+0x1a4/0x1b0\n el0t_64_sync+0x19c/0x1a0"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "70f92521584f1d1e8268311ee84413307b0fdea8",
"version_value": "0e23e85d86b78e734dd6654f1b69fbaeb5534c81"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.18",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0e23e85d86b78e734dd6654f1b69fbaeb5534c81",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0e23e85d86b78e734dd6654f1b69fbaeb5534c81"
},
{
"url": "https://git.kernel.org/stable/c/12bcaf87d8b66d8cd812479c8a6349dcb245375c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12bcaf87d8b66d8cd812479c8a6349dcb245375c"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

135
2022/49xxx/CVE-2022-49931.json
View File

@ -1,145 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49931",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Correctly move list in sc_disable()\n\nCommit 13bac861952a (\"IB/hfi1: Fix abba locking issue with sc_disable()\")\nincorrectly tries to move a list from one list head to another. The\nresult is a kernel crash.\n\nThe crash is triggered when a link goes down and there are waiters for a\nsend to complete. The following signature is seen:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n [...]\n Call Trace:\n sc_disable+0x1ba/0x240 [hfi1]\n pio_freeze+0x3d/0x60 [hfi1]\n handle_freeze+0x27/0x1b0 [hfi1]\n process_one_work+0x1b0/0x380\n ? process_one_work+0x380/0x380\n worker_thread+0x30/0x360\n ? process_one_work+0x380/0x380\n kthread+0xd7/0x100\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThe fix is to use the correct call to move the list."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "d997d4e4365f7e59cf6b59c70f966c56d704b64f",
"version_value": "25760a41e3802f54aadcc31385543665ab349b8e"
},
{
"version_affected": "<",
"version_name": "d98883f6c33e0d960afedcecaa92fc2b61fec383",
"version_value": "7c4260f8f188df32414a5ecad63e8b934c2aa3f0"
},
{
"version_affected": "<",
"version_name": "13bac861952a78664907a0f927d3e874e9a59034",
"version_value": "ba95409d6b580501ff6d78efd00064f7df669926"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.224",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.154",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.78",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.8",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/25760a41e3802f54aadcc31385543665ab349b8e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/25760a41e3802f54aadcc31385543665ab349b8e"
},
{
"url": "https://git.kernel.org/stable/c/7c4260f8f188df32414a5ecad63e8b934c2aa3f0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7c4260f8f188df32414a5ecad63e8b934c2aa3f0"
},
{
"url": "https://git.kernel.org/stable/c/ba95409d6b580501ff6d78efd00064f7df669926",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ba95409d6b580501ff6d78efd00064f7df669926"
},
{
"url": "https://git.kernel.org/stable/c/b8bcff99b07cc175a6ee12a52db51cdd2229586c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b8bcff99b07cc175a6ee12a52db51cdd2229586c"
},
{
"url": "https://git.kernel.org/stable/c/1afac08b39d85437187bb2a92d89a741b1078f55",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1afac08b39d85437187bb2a92d89a741b1078f55"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}

18
2022/49xxx/CVE-2022-49932.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49933.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49934.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49935.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49935",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49936.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49937.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49937",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49938.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49938",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49939.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49940.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/49xxx/CVE-2022-49941.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49941",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2025/4xxx/CVE-2025-4086.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138."
"value": "A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.\n*This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138."
}
]
},

14
2025/4xxx/CVE-2025-4087.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10."
"value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10."
}
]
},
@ -69,18 +69,6 @@
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.10"
}
]
}
}
]
}

2
2025/4xxx/CVE-2025-4088.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138."
"value": "A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138."
}
]
},

4
2025/4xxx/CVE-2025-4090.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability existed in Firefox for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138."
"value": "A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Leaked library paths in Firefox for Android"
"value": "Leaked library paths in Thunderbird for Android"
}
]
}

14
2025/4xxx/CVE-2025-4091.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10."
"value": "Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10."
}
]
},
@ -69,18 +69,6 @@
}
]
}
},
{
"product_name": "Thunderbird ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128.10"
}
]
}
}
]
}

4
2025/4xxx/CVE-2025-4093.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10."
"value": "Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10."
}
]
},
@ -47,7 +47,7 @@
}
},
{
"product_name": "Thunderbird ESR",
"product_name": "Thunderbird",
"version": {
"version_data": [
{