admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-19T14:00:19.612838+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-19 14:03:15 +00:00
parent c6c96c2355
commit 025f382030
324 changed files with 2667 additions and 990 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-17xx/CVE-2022-1751.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-1751",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:04.550",
"lastModified": "2024-08-17T08:15:04.550",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
},
{
"lang": "es",
"value": "El complemento Skitter Slideshow para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 2.5.2 incluida a trav\u00e9s del archivo /image.php. Esto hace posible que atacantes no autenticados realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y pueden usarse para consultar y modificar informaci\u00f3n de servicios internos."
}
],
"metrics": {

8
CVE-2022/CVE-2022-331xx/CVE-2022-33162.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-33162",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-16T19:15:06.213",
"lastModified": "2024-08-16T19:15:06.213",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 228570."
},
{
"lang": "es",
"value": "IBM Security Directory Integrator 7.2.0 y Security Verify Directory Integrator 10.0.0 no realizan ninguna autenticaci\u00f3n para la funcionalidad que requiere una identidad de usuario demostrable o consume una cantidad significativa de recursos. ID de IBM X-Force: 228570."
}
],
"metrics": {

4
CVE-2022/CVE-2022-33xx/CVE-2022-3399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3399",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-16T03:15:09.627",
"lastModified": "2024-08-16T03:15:09.627",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2022/CVE-2022-45xx/CVE-2022-4532.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-4532",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:04.887",
"lastModified": "2024-08-17T08:15:04.887",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in."
},
{
"lang": "es",
"value": "El complemento LOGIN AND REGISTRATION ATTEMPTS LIMIT para WordPress es vulnerable a la suplantaci\u00f3n de direcciones IP en versiones hasta la 2.1 incluida. Esto se debe a restricciones insuficientes sobre d\u00f3nde se recupera la informaci\u00f3n de la direcci\u00f3n IP para el registro de solicitudes y las restricciones de inicio de sesi\u00f3n. Los atacantes pueden proporcionar al encabezado X-Forwarded-For una direcci\u00f3n IP diferente que se registrar\u00e1 y se puede usar para evitar configuraciones que pueden haber bloqueado el inicio de sesi\u00f3n de una direcci\u00f3n IP."
}
],
"metrics": {

8
CVE-2023/CVE-2023-07xx/CVE-2023-0714.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-0714",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T10:15:06.147",
"lastModified": "2024-08-17T10:15:06.147",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a \"double extension\" attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations."
},
{
"lang": "es",
"value": "Metform Elementor Contact Form Builder para WordPress es vulnerable a la carga arbitraria de archivos debido a una validaci\u00f3n insuficiente del tipo de archivo en versiones hasta la 3.2.4 incluida. Esto permite a los visitantes no autenticados realizar un ataque de \"doble extensi\u00f3n\" y cargar archivos que contienen una extensi\u00f3n maliciosa pero que terminan con una extensi\u00f3n benigna, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo en algunas configuraciones."
}
],
"metrics": {

8
CVE-2023/CVE-2023-16xx/CVE-2023-1604.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-1604",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:05.090",
"lastModified": "2024-08-17T08:15:05.090",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import redirects, including comments containing cross-site scripting as detailed in CVE-2023-1602, granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Short URL para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.6.8 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n configuration_page. Esto hace posible que atacantes no autenticados agreguen e importen redireccionamientos, incluidos comentarios que contengan Cross-Site Scripting como se detalla en CVE-2023-1602, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-34xx/CVE-2023-3408.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-3408",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T09:15:06.420",
"lastModified": "2024-08-17T09:15:06.420",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El tema Bricks para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.8.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'save_settings'. Esto hace posible que atacantes no autenticados modifiquen la configuraci\u00f3n del tema, incluida la habilitaci\u00f3n de una configuraci\u00f3n que permite a los usuarios con menos privilegios, como los contribuyentes, realizar la ejecuci\u00f3n de c\u00f3digo; a trav\u00e9s de una solicitud falsificada, pueden enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-34xx/CVE-2023-3409.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-3409",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T09:15:06.790",
"lastModified": "2024-08-17T09:15:06.790",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El tema Bricks para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.8.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'reset_settings'. Esto hace posible que atacantes no autenticados restablezcan la configuraci\u00f3n del tema mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-34xx/CVE-2023-3416.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-3416",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T10:15:07.383",
"lastModified": "2024-08-17T10:15:07.383",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'create_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento tagDiv Opt-In Builder es vulnerable a la inyecci\u00f3n ciega de SQL a trav\u00e9s del par\u00e1metro 'subscriptionCouponId' a trav\u00e9s del endpoint de la API REST 'create_stripe_subscription' en versiones hasta la 1.4.4 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de suficiente preparaci\u00f3n en la consulta SQL existente. Esto hace posible que atacantes autenticados con privilegios de nivel de administrador agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-34xx/CVE-2023-3419.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-3419",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T10:15:07.633",
"lastModified": "2024-08-17T10:15:07.633",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento tagDiv Opt-In Builder es vulnerable a la inyecci\u00f3n ciega de SQL a trav\u00e9s del par\u00e1metro 'couponId' del endpoint de la API REST 'recreate_stripe_subscription' en versiones hasta la 1.4.4 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de suficiente preparaci\u00f3n en la consulta SQL existente. Esto hace posible que atacantes autenticados con privilegios de nivel de administrador agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-40xx/CVE-2023-4024.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4024",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:05.300",
"lastModified": "2024-08-17T08:15:05.300",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances."
},
{
"lang": "es",
"value": "El complemento Radio Player para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n delete_player en versiones hasta la 2.0.73 incluida. Esto hace posible que atacantes no autenticados eliminen instancias de jugadores."
}
],
"metrics": {

8
CVE-2023/CVE-2023-40xx/CVE-2023-4025.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4025",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:05.500",
"lastModified": "2024-08-17T08:15:05.500",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances."
},
{
"lang": "es",
"value": "El complemento Radio Player para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n update_player en versiones hasta la 2.0.73 incluida. Esto hace posible que atacantes no autenticados actualicen las instancias de los jugadores."
}
],
"metrics": {

8
CVE-2023/CVE-2023-40xx/CVE-2023-4027.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4027",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:05.703",
"lastModified": "2024-08-17T08:15:05.703",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings."
},
{
"lang": "es",
"value": "El complemento Radio Player para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n update_settings en versiones hasta la 2.0.73 incluida. Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del complemento."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4507.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4507",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:05.893",
"lastModified": "2024-08-17T08:15:05.893",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Admission AppManager para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'q' en versiones hasta la 1.0.0 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-46xx/CVE-2023-4604.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4604",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:06.097",
"lastModified": "2024-08-17T08:15:06.097",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018post\u2019 parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Slideshow, Image Slider de 2J para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'post' en versiones hasta la 1.3.54 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47728.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-47728",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-16T20:15:09.780",
"lastModified": "2024-08-16T20:15:09.780",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201."
},
{
"lang": "es",
"value": "IBM QRadar Suite Software 1.10.12.0 a 1.10.22.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en la solicitud. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 272201."
}
],
"metrics": {

8
CVE-2023/CVE-2023-47xx/CVE-2023-4730.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4730",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T08:15:06.297",
"lastModified": "2024-08-17T08:15:06.297",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts."
},
{
"lang": "es",
"value": "El complemento LadiApp para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n init_endpoint() conectada a trav\u00e9s de 'init' en versiones hasta la 4.3 incluida. Esto hace posible que atacantes no autenticados modifiquen una variedad de configuraciones. Un atacante puede modificar directamente 'ladipage_key', lo que le permite crear nuevas publicaciones en el sitio web e inyectar scripts web maliciosos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-528xx/CVE-2023-52889.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52889",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.073",
"lastModified": "2024-08-19T05:15:05.943",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n BUG: kernel NULL pointer dereference, address: 000000000000004c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n RIP: 0010:aa_label_next_confined+0xb/0x40\n Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n PKRU: 55555554\n Call Trace:\n <IRQ>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? aa_label_next_confined+0xb/0x40\n apparmor_secmark_check+0xec/0x330\n security_sock_rcv_skb+0x35/0x50\n sk_filter_trim_cap+0x47/0x250\n sock_queue_rcv_skb_reason+0x20/0x60\n raw_rcv+0x13c/0x210\n raw_local_deliver+0x1f3/0x250\n ip_protocol_deliver_rcu+0x4f/0x2f0\n ip_local_deliver_finish+0x76/0xa0\n __netif_receive_skb_one_core+0x89/0xa0\n netif_receive_skb+0x119/0x170\n ? __netdev_alloc_skb+0x3d/0x140\n vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n __napi_poll+0x28/0x1b0\n net_rx_action+0x2a4/0x380\n __do_softirq+0xd1/0x2c8\n __irq_exit_rcu+0xbb/0xf0\n common_interrupt+0x86/0xa0\n </IRQ>\n <TASK>\n asm_common_interrupt+0x26/0x40\n RIP: 0010:apparmor_socket_post_create+0xb/0x200\n Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n ? __pfx_apparmor_socket_post_create+0x10/0x10\n security_socket_post_create+0x4b/0x80\n __sock_create+0x176/0x1f0\n __sys_socket+0x89/0x100\n __x64_sys_socket+0x17/0x20\n do_syscall_64+0x5d/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: corrige la deref del puntero nulo al recibir skb durante la creaci\u00f3n del calcet\u00edn. El siguiente p\u00e1nico se observa al recibir paquetes ICMP con la marca de seguridad configurada mientras se crea un socket ICMP sin formato. SK_CTX(sk)-&gt;label se actualiza en apparmor_socket_post_create(), pero el paquete se entrega al socket antes de eso, lo que provoca la desreferencia del puntero nulo. Descarte el paquete si el contexto de la etiqueta no est\u00e1 establecido. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000004c #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out No contaminado 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Nombre del hardware: VMware, Inc. Plataforma virtual VMware/Plataforma de referencia de escritorio 440BX, BIOS 6.00 28/05/2020 RIP 0010:aa_label_ siguiente_confinado+0xb/0x40 C\u00f3digo: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 &gt; 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 00000000000000001 R14: 0000000000000001 R15: 00000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Seguimiento de llamadas: ? __morir+0x23/0x70 ? page_fault_oops+0x171/0x4e0? exc_page_fault+0x7f/0x180? asm_exc_page_fault+0x26/0x30? aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 seguridad_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56 a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 C\u00f3digo: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 &lt;55&gt; 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 00000000000000003 R13: 0000000000000002 R14: 74eaab740 R15: fffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x 90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90? do_syscall_64+0x6c/0x90 entrada_SYSCALL_64_after_hwframe+0x72/0xdc"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-55xx/CVE-2023-5505.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-5505",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-17T09:15:07.160",
"lastModified": "2024-08-17T09:15:07.160",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site."
},
{
"lang": "es",
"value": "El complemento BackWPup para WordPress es vulnerable a Directory Traversal en versiones hasta la 4.0.1 incluida a trav\u00e9s de la carpeta de copia de seguridad espec\u00edfica del trabajo. Esto permite a los atacantes autenticados almacenar copias de seguridad en carpetas arbitrarias en el servidor, siempre que el servidor pueda escribir en ellas. Adem\u00e1s, la configuraci\u00f3n predeterminada colocar\u00e1 un archivo index.php y .htaccess en el directorio elegido (a menos que ya est\u00e9 presente) cuando se ejecute el primer trabajo de copia de seguridad, cuyo objetivo es evitar la lista de directorios y el acceso a archivos. Esto significa que un atacante podr\u00eda establecer el directorio de respaldo en la ra\u00edz de otro sitio en un entorno compartido y as\u00ed desactivar ese sitio."
}
],
"metrics": {

4
CVE-2023/CVE-2023-70xx/CVE-2023-7049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7049",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-16T03:15:09.887",
"lastModified": "2024-08-16T03:15:09.887",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-21xx/CVE-2024-2175.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2175",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-08-16T15:15:27.940",
"lastModified": "2024-08-16T15:15:27.940",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insecure permissions vulnerability was reported in\u00a0Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)\n\n that could allow a local attacker to escalate privileges."
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de permisos inseguros en Lenovo Display Control Center (LDCC) y Lenovo Accessories and Display Manager (LADM) que podr\u00eda permitir a un atacante local escalar privilegios."
}
],
"metrics": {

4
CVE-2024/CVE-2024-222xx/CVE-2024-22217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22217",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T18:15:19.090",
"lastModified": "2024-08-15T18:15:19.090",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-222xx/CVE-2024-22218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22218",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T18:15:19.197",
"lastModified": "2024-08-15T19:35:05.533",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-222xx/CVE-2024-22219.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22219",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T18:15:19.290",
"lastModified": "2024-08-15T18:15:19.290",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-231xx/CVE-2024-23168.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23168",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T19:15:18.070",
"lastModified": "2024-08-15T21:35:03.230",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-250xx/CVE-2024-25008.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25008",
"sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"published": "2024-08-16T10:15:04.823",
"lastModified": "2024-08-16T10:15:04.823",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-255xx/CVE-2024-25582.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25582",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-08-19T07:15:03.970",
"lastModified": "2024-08-19T08:15:06.977",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known."
},
{
"lang": "es",
"value": "Se podr\u00eda abusar de los puntos de guardado del m\u00f3dulo para inyectar referencias a c\u00f3digo malicioso entregado a trav\u00e9s del mismo dominio. Los atacantes podr\u00edan realizar solicitudes API maliciosas o extraer informaci\u00f3n de la cuenta del usuario. Explotar esta vulnerabilidad requiere acceso temporal a una cuenta o ingenier\u00eda social exitosa para hacer que un usuario siga un enlace preparado a una cuenta maliciosa. Implemente las actualizaciones y lanzamientos de parches proporcionados. La ruta del m\u00f3dulo de punto de guardado se ha restringido a los m\u00f3dulos que proporcionan la funci\u00f3n, excluyendo cualquier m\u00f3dulo arbitrario o inexistente. No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {

4
CVE-2024/CVE-2024-256xx/CVE-2024-25633.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25633",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-15T19:15:18.213",
"lastModified": "2024-08-15T19:15:18.213",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-258xx/CVE-2024-25837.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25837",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T18:15:08.907",
"lastModified": "2024-08-16T18:15:08.907",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el complemento CMS Bloghub v1.3.8 y anteriores de octubre permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado en la secci\u00f3n Comentarios."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-277xx/CVE-2024-27728.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27728",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T19:15:18.477",
"lastModified": "2024-08-15T19:15:18.477",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-277xx/CVE-2024-27729.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27729",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T19:15:18.573",
"lastModified": "2024-08-15T19:15:18.573",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-277xx/CVE-2024-27730.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27730",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T19:15:18.663",
"lastModified": "2024-08-16T16:35:06.563",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-277xx/CVE-2024-27731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27731",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T19:15:18.770",
"lastModified": "2024-08-16T18:35:09.407",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-313xx/CVE-2024-31333.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31333",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.123",
"lastModified": "2024-08-16T15:35:05.893",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-322xx/CVE-2024-32231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32231",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T18:15:19.507",
"lastModified": "2024-08-15T18:15:19.507",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34727.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34727",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.190",
"lastModified": "2024-08-15T22:15:06.190",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34731",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.263",
"lastModified": "2024-08-16T15:35:07.050",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34734.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34734",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.337",
"lastModified": "2024-08-16T15:35:08.043",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34736.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34736",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.400",
"lastModified": "2024-08-15T22:15:06.400",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34737.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34737",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.467",
"lastModified": "2024-08-16T15:35:09.367",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34738",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.623",
"lastModified": "2024-08-16T15:35:09.537",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34739",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.690",
"lastModified": "2024-08-16T15:35:09.703",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34740.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34740",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.753",
"lastModified": "2024-08-16T14:35:02.640",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34741",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.820",
"lastModified": "2024-08-16T16:35:12.133",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34742",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.890",
"lastModified": "2024-08-15T22:15:06.890",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-347xx/CVE-2024-34743.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34743",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.957",
"lastModified": "2024-08-15T22:15:06.957",
"vulnStatus": "Received",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-356xx/CVE-2024-35686.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35686",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-18T22:15:07.647",
"lastModified": "2024-08-18T22:15:07.647",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Automattic Sensei LMS, Automattic Sensei Pro (cursos pagos de WC). Este problema afecta a Sensei LMS: desde n/a hasta 4.23.1; Sensei Pro (cursos pagos de WC): desde n/a hasta 4.23.1.1.23.1."
}
],
"metrics": {

71
CVE-2024/CVE-2024-35xx/CVE-2024-3587.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3587",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-16T09:15:02.693",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T13:34:17.217",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -39,18 +59,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:auxinportfolio:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.3",
"matchCriteriaId": "B82E8C2F-AB65-425E-8EB3-F25D528D5ADF"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/auxin-portfolio/tags/2.3.2/public/templates/elements/recent-portfolio.php#L179",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3115537/auxin-portfolio/trunk/public/templates/elements/recent-portfolio.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ea041b-f09d-4c62-aada-26afbc60b6f2?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

473
CVE-2024/CVE-2024-380xx/CVE-2024-38081.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38081",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:43.750",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T13:53:27.237",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -51,10 +61,467 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1648C361-E25C-42FE-8543-03DE56100201"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB5C848-9883-4FE0-9A6B-B7B52E704AC1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50D643A0-5F16-4D63-BF83-19DF8F93AE25"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B822942-B429-406C-A13A-A2379AA952CF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.32",
"matchCriteriaId": "1233A609-9772-490F-80F5-8AA750BF25CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.4",
"versionEndExcluding": "17.4.21",
"matchCriteriaId": "1EF1832B-95B7-4253-92EC-0912987D8C42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6",
"versionEndExcluding": "17.6.17",
"matchCriteriaId": "DB946EB4-95CC-42FC-9D47-445D7E1C3E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.8",
"versionEndExcluding": "17.8.12",
"matchCriteriaId": "65299FC5-169B-4642-B961-647EEE2DA0BD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-396xx/CVE-2024-39666.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39666",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-18T14:15:06.370",
"lastModified": "2024-08-18T14:15:06.370",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 9.1.2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-422xx/CVE-2024-42260.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42260",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.530",
"lastModified": "2024-08-17T09:15:07.530",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: validar los identificadores pasados de drm syncobj en la extensi\u00f3n de rendimiento. Si el espacio de usuario proporciona un identificador desconocido o no v\u00e1lido en cualquier parte de la matriz de identificadores, el resto del controlador no lo manejar\u00e1 tan bien. Arr\u00e9glelo comprobando que el identificador se haya buscado correctamente o, de lo contrario, falle la extensi\u00f3n saltando al desenrollado existente. (cereza escogida del commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42261.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42261",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.600",
"lastModified": "2024-08-17T09:15:07.600",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: validar los identificadores pasados de drm syncobj en la extensi\u00f3n de marca de tiempo. Si el espacio de usuario proporciona un identificador desconocido o no v\u00e1lido en cualquier parte de la matriz de identificadores, el resto del controlador no lo manejar\u00e1 tan bien. Arr\u00e9glelo comprobando que el identificador se haya buscado correctamente o, de lo contrario, falle la extensi\u00f3n saltando al desenrollado existente. (cereza escogida del commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42262.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42262",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.680",
"lastModified": "2024-08-17T09:15:07.680",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de rendimiento. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42263.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42263",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.770",
"lastModified": "2024-08-17T09:15:07.770",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/v3d: corrige una posible p\u00e9rdida de memoria en la extensi\u00f3n de marca de tiempo. Si falla la recuperaci\u00f3n de la memoria del espacio de usuario durante el bucle principal, todos los objetos de sincronizaci\u00f3n de drm buscados hasta ese punto se filtrar\u00e1n debido a la falta drm_syncobj_put. Solucionarlo exportando y utilizando un asistente de limpieza com\u00fan. (cereza escogida del commit 753ce4fea62182c77e1691ab4f9022008f25b62e)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42264.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42264",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.833",
"lastModified": "2024-08-17T09:15:07.833",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/v3d: evita el acceso fuera de los l\u00edmites en las extensiones de consulta de rendimiento. Verifique que la cantidad de espacio de usuario de perfmons que se pasa en las extensiones de copia y restablecimiento no sea mayor que el almacenamiento interno del kernel donde se encuentra el Los identificadores se copiar\u00e1n. (cereza escogida del commit f32b5128d2c440368b5bf3a7a356823e235caabb)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42265.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42265",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.893",
"lastModified": "2024-08-19T05:15:07.163",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nprotect the fetch of ->fd[fd] in do_dup2() from mispredictions\n\nboth callers have verified that fd is not greater than ->max_fds;\nhowever, misprediction might end up with\n tofree = fdt->fd[fd];\nbeing speculatively executed. That's wrong for the same reasons\nwhy it's wrong in close_fd()/file_close_fd_locked(); the same\nsolution applies - array_index_nospec(fd, fdt->max_fds) could differ\nfrom fd only in case of speculative execution on mispredicted path."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: proteger la recuperaci\u00f3n de -&gt;fd[fd] en do_dup2() de predicciones err\u00f3neas; ambos llamadores han verificado que fd no es mayor que -&gt;max_fds; sin embargo, una predicci\u00f3n err\u00f3nea podr\u00eda terminar con tofree = fdt-&gt;fd[fd]; siendo ejecutado especulativamente. Eso est\u00e1 mal por las mismas razones por las que est\u00e1 mal en close_fd()/file_close_fd_locked(); se aplica la misma soluci\u00f3n: array_index_nospec(fd, fdt-&gt;max_fds) podr\u00eda diferir de fd solo en caso de ejecuci\u00f3n especulativa en una ruta mal prevista."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42266.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42266",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:07.967",
"lastModified": "2024-08-17T09:15:07.967",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make cow_file_range_inline() honor locked_page on error\n\nThe btrfs buffered write path runs through __extent_writepage() which\nhas some tricky return value handling for writepage_delalloc().\nSpecifically, when that returns 1, we exit, but for other return values\nwe continue and end up calling btrfs_folio_end_all_writers(). If the\nfolio has been unlocked (note that we check the PageLocked bit at the\nstart of __extent_writepage()), this results in an assert panic like\nthis one from syzbot:\n\n BTRFS: error (device loop0 state EAL) in free_log_tree:3267: errno=-5 IO failure\n BTRFS warning (device loop0 state EAL): Skipping commit of aborted transaction.\n BTRFS: error (device loop0 state EAL) in cleanup_transaction:2018: errno=-5 IO failure\n assertion failed: folio_test_locked(folio), in fs/btrfs/subpage.c:871\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/subpage.c:871!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n CPU: 1 PID: 5090 Comm: syz-executor225 Not tainted\n 6.10.0-syzkaller-05505-gb1bc554e009e #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS\n Google 06/27/2024\n RIP: 0010:btrfs_folio_end_all_writers+0x55b/0x610 fs/btrfs/subpage.c:871\n Code: e9 d3 fb ff ff e8 25 22 c2 fd 48 c7 c7 c0 3c 0e 8c 48 c7 c6 80 3d\n 0e 8c 48 c7 c2 60 3c 0e 8c b9 67 03 00 00 e8 66 47 ad 07 90 <0f> 0b e8\n 6e 45 b0 07 4c 89 ff be 08 00 00 00 e8 21 12 25 fe 4c 89\n RSP: 0018:ffffc900033d72e0 EFLAGS: 00010246\n RAX: 0000000000000045 RBX: 00fff0000000402c RCX: 663b7a08c50a0a00\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc900033d73b0 R08: ffffffff8176b98c R09: 1ffff9200067adfc\n R10: dffffc0000000000 R11: fffff5200067adfd R12: 0000000000000001\n R13: dffffc0000000000 R14: 0000000000000000 R15: ffffea0001cbee80\n FS: 0000000000000000(0000) GS:ffff8880b9500000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5f076012f8 CR3: 000000000e134000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n __extent_writepage fs/btrfs/extent_io.c:1597 [inline]\n extent_write_cache_pages fs/btrfs/extent_io.c:2251 [inline]\n btrfs_writepages+0x14d7/0x2760 fs/btrfs/extent_io.c:2373\n do_writepages+0x359/0x870 mm/page-writeback.c:2656\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n __filemap_fdatawrite mm/filemap.c:436 [inline]\n filemap_flush+0xdf/0x130 mm/filemap.c:463\n btrfs_release_file+0x117/0x130 fs/btrfs/file.c:1547\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:222\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:877\n do_group_exit+0x207/0x2c0 kernel/exit.c:1026\n __do_sys_exit_group kernel/exit.c:1037 [inline]\n __se_sys_exit_group kernel/exit.c:1035 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035\n x64_sys_call+0x2634/0x2640\n arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5f075b70c9\n Code: Unable to access opcode bytes at\n 0x7f5f075b709f.\n\nI was hitting the same issue by doing hundreds of accelerated runs of\ngeneric/475, which also hits IO errors by design.\n\nI instrumented that reproducer with bpftrace and found that the\nundesirable folio_unlock was coming from the following callstack:\n\n folio_unlock+5\n __process_pages_contig+475\n cow_file_range_inline.constprop.0+230\n cow_file_range+803\n btrfs_run_delalloc_range+566\n writepage_delalloc+332\n __extent_writepage # inlined in my stacktrace, but I added it here\n extent_write_cache_pages+622\n\nLooking at the bisected-to pa\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: haga que cow_file_range_inline() respete la p\u00e1gina bloqueada en caso de error. La ruta de escritura almacenada en el b\u00fafer de btrfs pasa por __extent_writepage(), que tiene un manejo complicado del valor de retorno para writepage_delalloc(). Espec\u00edficamente, cuando eso devuelve 1, salimos, pero para otros valores de retorno continuamos y terminamos llamando a btrfs_folio_end_all_writers(). Si la publicaci\u00f3n se ha desbloqueado (tenga en cuenta que verificamos el bit PageLocked al inicio de __extent_writepage()), esto resulta en un p\u00e1nico de afirmaci\u00f3n como este de syzbot: BTRFS: error (device loop0 state EAL) in free_log_tree:3267: errno = -5 Fallo de E/S Advertencia BTRFS (estado EAL del bucle 0 del dispositivo): omitir El commit de la transacci\u00f3n abortada. BTRFS: error (EAL de estado de bucle 0 del dispositivo) en cleanup_transaction:2018: errno=-5 Error de aserci\u00f3n de E/S fallida: folio_test_locked(folio), en fs/btrfs/subpage.c:871 ------------ [cortar aqu\u00ed]------------ \u00a1ERROR del kernel en fs/btrfs/subpage.c:871! Vaya: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 5090 Comm: syz-executor225 No est\u00e1 contaminado 6.10.0-syzkaller-05505-gb1bc554e009e #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/06/2024 RIP: 0010:btrfs_folio_end_all_writers+0x55b/0x610 fs/btrfs/subpage.c:871 C\u00f3digo: e9 d3 fb ff ff e8 25 22 c2 fd 48 c7 c7 c0 3c 0e 8c 48 c7 c6 80 3d 0e 8c 48 c7 c2 60 3c 0e 8c b9 67 03 00 00 e8 66 47 ad 07 90 &lt;0f&gt; 0b e8 6e 45 b0 07 4c 89 ff be 08 00 00 00 e8 21 12 25 fe 4c 89 RSP: 00033d72e0 EFLAGS: 00010246 RAX: 0000000000000045 RBX: 00fff0000000402c RCX: 663b7a08c50a0a00 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 000000000 0000000 RBP: ffffc900033d73b0 R08: ffffffff8176b98c R09: 1ffff9200067adfc R10: dffffc0000000000 R11: fffff5200067adfd R12: 0000000000000001 R13: 0000000000 R14: 0000000000000000 R15: ffffea0001cbee80 FS: 0000000000000000( 0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5f076012f8 CR3: e134000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: __extent_writepage fs/btrfs/extent_io.c:1597 [en l\u00ednea] extend_write_cache_pages fs/btrfs/extent_io.c:2251 [en l\u00ednea] btrfs_writepages+0x14d7/0x2760 fs/btrfs/extent_io.c:2373 do_writepages+0x359/ 0x870 mm/page-writeback.c:2656 filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397 __filemap_fdatawrite_range mm/filemap.c:430 [en l\u00ednea] __filemap_fdatawrite mm/filemap.c:436 [en l\u00ednea] filemap_flush+0xdf/0x130 mm /filemap.c:463 btrfs_release_file+0x117/0x130 fs/btrfs/file.c:1547 __fput+0x24a/0x8a0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:222 exit_task_work include/linux/task_work .h:40 [en l\u00ednea] do_exit+0xa2f/0x27f0 kernel/exit.c:877 do_group_exit+0x207/0x2c0 kernel/exit.c:1026 __do_sys_exit_group kernel/exit.c:1037 [en l\u00ednea] __se_sys_exit_group kernel/exit.c:1035 [en l\u00ednea] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f075b70c9 C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0x7f5f075b709f. Me encontr\u00e9 con el mismo problema al realizar cientos de ejecuciones aceleradas de generic/475, que tambi\u00e9n genera errores de IO por dise\u00f1o. Instrument\u00e9 ese reproductor con bpftrace y descubr\u00ed que el folio_unlock no deseado proven\u00eda de la siguiente pila de llamadas: folio_unlock+5 __process_pages_contig+475 cow_file_range_inline.constprop.0+230 cow_file_range+803 btrfs_run_delalloc_range+566 writepage_delalloc+332 __extent_writepage # ---truncado---"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42267.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42267",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.047",
"lastModified": "2024-08-19T05:15:07.247",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv/mm: Agregar manejo para VM_FAULT_SIGSEGV en mm_fault_error() Manejar VM_FAULT_SIGSEGV en la ruta de falla de la p\u00e1gina para que finalicemos correctamente el proceso y no emitamos ERRORES() en el kernel."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42268.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42268",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.110",
"lastModified": "2024-08-17T09:15:08.110",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n\u2026\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n\u2026\n Call Trace:\n <TASK>\n ? __warn+0xa4/0x210\n ? devl_assert_locked+0x3e/0x50\n ? report_bug+0x160/0x280\n ? handle_bug+0x3f/0x80\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? devl_assert_locked+0x3e/0x50\n devlink_notify+0x88/0x2b0\n ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n ? __pfx_devlink_notify+0x10/0x10\n ? process_one_work+0x4b6/0xbb0\n process_one_work+0x4b6/0xbb0\n[\u2026]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5: se corrigi\u00f3 el bloqueo faltante en la recarga de reinicio de sincronizaci\u00f3n. En el trabajo de recarga de reinicio de sincronizaci\u00f3n, cuando el host remoto actualiza devlink en las acciones de recarga realizadas en ese host, no toma el bloqueo de devlink antes de llamar a devlink_remote_reload_actions_performed. () lo que da como resultado la activaci\u00f3n de un bloqueo como el siguiente: ADVERTENCIA: CPU: 4 PID: 1164 en net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 \u2026 CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted : GSW 6.10.0-rc2+ #116 Nombre del hardware: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 18/12/2015 Cola de trabajo: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: devl_assert_locked+0x3e/0x50 \u2026 Seguimiento de llamadas: ? __advertir+0xa4/0x210 ? devl_assert_locked+0x3e/0x50? report_bug+0x160/0x280? handle_bug+0x3f/0x80? exc_invalid_op+0x17/0x40? asm_exc_invalid_op+0x1a/0x20? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10? proceso_one_work+0x4b6/0xbb0 proceso_one_work+0x4b6/0xbb0 [\u2026]"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42269.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42269",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.177",
"lastModified": "2024-08-19T05:15:07.323",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige el potencial null-ptr-deref en ip6table_nat_table_init(). ip6table_nat_table_init() accede a net-&gt;gen-&gt;ptr[ip6table_nat_net_ops.id], pero la funci\u00f3n est\u00e1 expuesta al espacio del usuario antes de que la entrada se asigne a trav\u00e9s de Register_pernet_subsys(). Llamemos a Register_pernet_subsys() antes de xt_register_template()."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42270.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42270",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.240",
"lastModified": "2024-08-19T05:15:07.393",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: netfilter: iptables: corrige null-ptr-deref en iptable_nat_table_init(). Recibimos un informe de que iptables-restore a veces activaba null-ptr-deref en el momento del arranque. [0] El problema es que iptable_nat_table_init() est\u00e1 expuesto al espacio del usuario antes de que el kernel inicialice completamente netns. En la ventana de ejecuci\u00f3n peque\u00f1a, un usuario podr\u00eda llamar a iptable_nat_table_init() que accede a net_generic(net, iptable_nat_net_id), que est\u00e1 disponible solo despu\u00e9s de registrar iptable_nat_net_ops. Llamemos a Register_pernet_subsys() antes de xt_register_template(). [0]: bpfilter: Bpfilter_umh pid 11702 iniciado bpfilter ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000013 PF: acceso de escritura del supervisor en modo kernel PF: error_code(0x0002) - p\u00e1gina no presente PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor No contaminado 6.1.92-99.174.amzn2023.x86_64 #1 Nombre del hardware: Amazon EC2 c6i.4xlarge/, BIOS 1.0 16/10/2017 RIP: 0010:iptable_nat_table_init (net/ipv4/netfilter /iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat C\u00f3digo: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 pa 48 8b 44 24 08 48 8b 0c 24 &lt;48&gt; 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77 258 R09: ffff9f4b07f77240 R10: 00000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 : 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000( 0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007 706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 PK RU: 55555554 Seguimiento de llamadas: ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)? xt_find_table_lock (net/netfilter/x_tables.c:1259)? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)? page_fault_oops (arch/x86/mm/fault.c:727)? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault .c:1518)? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat xt_find_table_lock (net/netfilter/x_tables.c:1259) xt_request_find_table_lock (net/netfilter/x_tables.c:1287) get_info (net/ipv4/netfilter/ip_tables.c:965)? security_capable (seguridad/seguridad.c:809 (discriminador 13))? ns_capable (kernel/capability.c:376 kernel/capability.c:397)? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter nf_getsockopt (net/netfilter/nf_sockopt.c:116) ip_getsockopt (net/ipv4/ip_sockglue.c:1827) __sys_getsockopt (net/socket.c:2327) _sys_getsockopt (neto /socket.c:2342 net/socket.c:2339 net/socket.c:2339) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) Entry_SYSCALL_64_after_hwframe (arch/ x86/entry/entry_64.S:121) RIP: 0033:0x7f62844685ee C\u00f3digo: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f 3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 46 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000000000004 R08: 00007ffd1f83d670 : 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 ---truncado---"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42271.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42271",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.307",
"lastModified": "2024-08-19T05:15:07.460",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv->path is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([<0000001e87f03880>] 0x1e87f03880)\n[452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138\n[452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8\n[452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48\n[452744.124820] [<00000000d5421642>] __fput+0xba/0x268\n[452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0\n[452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90\n[452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/iucv: corrige el use after free en iucv_sock_close() iucv_sever_path() se llama desde el contexto del proceso y desde el contexto bh. iucv-&gt;path se utiliza como indicador de si alguien m\u00e1s se est\u00e1 encargando de cortar la ruta (o si ya se elimin\u00f3 o nunca existi\u00f3). Esto debe hacerse con comparaci\u00f3n e intercambio at\u00f3mico; de lo contrario, hay una peque\u00f1a ventana donde iucv_sock_close() intentar\u00e1 trabajar con una ruta que ya ha sido cortada y liberada por iucv_callback_connrej() llamada por iucv_tasklet_fn(). Ejemplo: [452744.123844] Seguimiento de llamadas: [452744.123845] ([&lt;0000001e87f03880&gt;] 0x1e87f03880) [452744.123966] [&lt;00000000d593001e&gt;] iucv_path_sever+0x96/0x13 8 [452744.124330] [&lt;000003ff801ddbca&gt;] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336 ] [&lt;000003ff801e01b6&gt;] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [&lt;000003ff801e08cc&gt;] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] 000000d574794e&gt;] __sock_release+0x5e/0xe8 [452744.124815] [&lt;00000000d5747a0c&gt; ] sock_close+0x34/0x48 [452744.124820] [&lt;00000000d5421642&gt;] __fput+0xba/0x268 [452744.124826] [&lt;00000000d51b382c&gt;] task_work_run+0xbc/0xf0 [452744.1 24832] [&lt;00000000d5145710&gt;] do_notify_resume+0x88/0x90 [452744.124841] [&lt; 00000000d5978096&gt;] system_call+0xe2/0x2c8 [452744.125319] \u00daltima direcci\u00f3n del evento de \u00faltima hora: [452744.125321] [&lt;00000000d5930018&gt;] iucv_path_sever+0x90/0x138 [452744.125 324] [452744.125325] P\u00e1nico del kernel: no se sincroniza: excepci\u00f3n fatal en la interrupci\u00f3n. Tenga en cuenta que bh_lock_sock () no serializa el contexto del tasklet con respecto al contexto del proceso, porque falta la verificaci\u00f3n de sock_owned_by_user() y el manejo correspondiente. Ideas para un futuro parche de limpieza: A) Uso correcto de bh_lock_sock() en el contexto del tasklet, como se describe en Volver a poner en cola, si es necesario. Esto puede requerir agregar valores de retorno a las funciones del tasklet y, por lo tanto, cambios para todos los usuarios de iucv. B) Cambie el tasklet iucv a trabajador y use solo lock_sock() en af_iucv."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42272.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42272",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.370",
"lastModified": "2024-08-19T05:15:07.530",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n tcf_action_add net/sched/act_api.c:2061 [inline]\n tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n __sys_sendmsg net/socket.c:2680 [inline]\n __do_sys_sendmsg net/socket.c:2689 [inline]\n __se_sys_sendmsg net/socket.c:2687 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched: act_ct: cuida el relleno en struct zonas_ht_key El commit culpada aument\u00f3 el tama\u00f1o de la clave de b\u00fasqueda de 2 bytes a 16 bytes, porque zonas_ht_key obtuvo un puntero de red de estructura. Aseg\u00farese de que rhashtable_lookup() no est\u00e9 utilizando los bytes de relleno que no est\u00e1n inicializados. ERROR: KMSAN: valor uninit en rht_ptr_rcu include/linux/rhashtable.h:376 [en l\u00ednea] ERROR: KMSAN: valor uninit en __rhashtable_lookup include/linux/rhashtable.h:607 [en l\u00ednea] ERROR: KMSAN: valor uninit en rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] ERROR: KMSAN: valor uninit en rhashtable_lookup_fast include/linux/rhashtable.h:672 [en l\u00ednea] ERROR: KMSAN: valor uninit en tcf_ct_flow_table_get+0x611/0x2260 net/sched /act_ct.c:329 rht_ptr_rcu include/linux/rhashtable.h:376 [en l\u00ednea] __rhashtable_lookup include/linux/rhashtable.h:607 [en l\u00ednea] rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] rhashtable_lookup_fast include/linux/ rhashtable.h:672 [en l\u00ednea] tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408 tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425 tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488 tcf_action_add net/sched/act_api.c:2061 [en l\u00ednea] tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118 rtnetlink_rcv_msg+0x12fc/0x1410 net /n\u00facleo/ rtnetlink.c:6647 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [en l\u00ednea] netlink_unicast+0xf52/ 0x1260 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_s mensaje final+0x877 /0xb60 net/socket.c:2597 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651 __sys_sendmsg net/socket.c:2680 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2689 [en l\u00ednea] __se_sys_sendmsg net/socket. c: 2687 [en l\u00ednea] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687 x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea ] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Clave de variable local creada en: tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324 tcf_ct_init+0xa67/0x2890 net /programado /act_ct.c:1408"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42273.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42273",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.450",
"lastModified": "2024-08-17T09:15:08.450",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n do_write_page+0x78/0x390 [f2fs]\n f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n f2fs_do_write_data_page+0x275/0x740 [f2fs]\n f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n do_writepages+0xcf/0x270\n __writeback_single_inode+0x44/0x350\n writeback_sb_inodes+0x242/0x530\n __writeback_inodes_wb+0x54/0xf0\n wb_writeback+0x192/0x310\n wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty()."
},
{
"lang": "es",
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: f2fs: asigna CURSEG_ALL_DATA_ATGC si blkaddr es v\u00e1lido mkdir /mnt/test/comp f2fs_io setflags compresi\u00f3n /mnt/test/comp dd if=/dev/zero of=/mnt/test/ comp/testfile bs=16k count=1 truncate --size 13 /mnt/test/comp/testfile En el escenario anterior, podemos obtener un BUG_ON. \u00a1ERROR del kernel en fs/f2fs/segment.c:3589! Seguimiento de llamadas: do_write_page+0x78/0x390 [f2fs] f2fs_outplace_write_data+0x62/0xb0 [f2fs] f2fs_do_write_data_page+0x275/0x740 [f2fs] f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs_write_multi_ p\u00e1ginas+0x1e5/0xae0 [f2fs] f2fs_write_cache_p\u00e1ginas+0xab1/0xc60 [f2fs ] f2fs_write_data_pages+0x2d8/0x330 [f2fs] do_writepages+0xcf/0x270 __writeback_single_inode+0x44/0x350 writeback_sb_inodes+0x242/0x530 __writeback_inodes_wb+0x54/0xf0 wb_writeback+0x192/0x3 10 wb_workfn+0x30d/0x400 La raz\u00f3n es que le dimos CURSEG_ALL_DATA_ATGC a COMPR_ADDR donde est\u00e1 la p\u00e1gina set_cluster_dirty() estableci\u00f3 la bandera gcing."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42274.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42274",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.530",
"lastModified": "2024-08-19T05:15:07.610",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n * (lock B) wait for tasklet to finish by calling\n \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n * (lock B) enter tasklet\n * (lock A) attempt to acquire substream lock,\n \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\" commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\") eliminada la cola de trabajo del contexto del proceso de amdtp_domain_stream_pcm_pointer() y update_pcm_pointers() para eliminar su sobrecarga. Con RME Fireface 800, esto condujo a una regresi\u00f3n desde Kernels 5.14.0, lo que provoc\u00f3 una competencia de punto muerto AB/BA para el bloqueo de substream con una eventual congelaci\u00f3n del sistema bajo la operaci\u00f3n ALSA: subproceso 0: * (bloqueo A) adquiere el bloqueo de substream mediante snd_pcm_stream_lock_irq() en snd_pcm_status64() * (bloqueo B) espere a que finalice el tasklet llamando a tasklet_unlock_spin_wait() en tasklet_disable_in_atomic() en ohci_flush_iso_completions() del subproceso 1 de ohci.c: * (bloqueo B) ingrese al tasklet * (bloqueo A) intente adquirir el subflujo bloquear, esperando a que se libere: snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed() en update_pcm_pointers() en Process_ctx_payloads() en Process_rx_packets() de amdtp-stream.c? tasklet_unlock_spin_wait ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? nativo_queued_spin_lock_slowpath _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm Process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restaurar la cola de trabajo del contexto del proceso para evitar un punto muerto Competencia de punto muerto AB/BA para el bloqueo de subtransmisi\u00f3n ALSA de snd_pcm_stream_lock_irq() en snd_pcm_status64() y snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed(). revertir el commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento de per\u00edodo transcurrido en el contexto del proceso\") Reemplace la descripci\u00f3n en l\u00ednea para evitar futuros interbloqueos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42275.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42275",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.613",
"lastModified": "2024-08-17T09:15:08.613",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix error code in drm_client_buffer_vmap_local()\n\nThis function accidentally returns zero/success on the failure path.\nIt leads to locking issues and an uninitialized *map_copy in the\ncaller."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/client: corrige el c\u00f3digo de error en drm_client_buffer_vmap_local() Esta funci\u00f3n devuelve accidentalmente cero/\u00e9xito en la ruta de error. Conduce a problemas de bloqueo y a un *map_copy no inicializado en la persona que llama."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42276.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42276",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.673",
"lastModified": "2024-08-19T05:15:07.693",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nvme-pci: agrega condici\u00f3n faltante para verificar la existencia de datos mapeados. Se llama a nvme_map_data() cuando la solicitud tiene segmentos f\u00edsicos, por lo tanto, nvme_unmap_data() debe tener la misma condici\u00f3n para evitar la desreferencia."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42277.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42277",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.750",
"lastModified": "2024-08-19T05:15:07.803",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu: sprd: Evite la deref NULL en sprd_iommu_hw_en En sprd_iommu_cleanup() antes de llamar a la funci\u00f3n sprd_iommu_hw_en() dom-&gt;sdev es igual a NULL, lo que conduce a una desreferencia nula. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42278.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42278",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.813",
"lastModified": "2024-08-17T09:15:08.813",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: TAS2781: Fix tasdev_load_calibrated_data() Esta funci\u00f3n tiene una declaraci\u00f3n if invertida, por lo que no funciona o conduce a una desreferencia NULL."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42279.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42279",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.880",
"lastModified": "2024-08-17T09:15:08.880",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: microchip-core: aseg\u00farese de que los FIFO de TX y RX est\u00e9n vac\u00edos al inicio de una transferencia. Mientras se transmite con rx_len == 0, el FIFO de RX no se vaciar\u00e1 en la interrupci\u00f3n entrenador de animales. Una transferencia posterior podr\u00eda leer basura de la transferencia anterior desde el RX FIFO al b\u00fafer de inicio de RX. El n\u00facleo proporciona un registro que vaciar\u00e1 los FIFO RX y TX, as\u00ed que h\u00e1galo antes de cada transferencia."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42280.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42280",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.943",
"lastModified": "2024-08-19T05:15:07.870",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix a use after free in hfcmulti_tx()\n\nDon't dereference *sp after calling dev_kfree_skb(*sp)."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mISDN: corrige un use after free en hfcmulti_tx() No elimine la referencia a *sp despu\u00e9s de llamar a dev_kfree_skb(*sp)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42281.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42281",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.013",
"lastModified": "2024-08-19T05:15:07.940",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2]."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: soluciona un problema de segmento al degradar gso_size Lineariza el skb al degradar gso_size porque puede desencadenar un BUG_ON() m\u00e1s adelante cuando el skb se segmenta como se describe en [1,2]."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42282.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42282",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.090",
"lastModified": "2024-08-17T09:15:09.090",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mediatek: Fix potential NULL pointer dereference in dummy net_device handling\n\nMove the freeing of the dummy net_device from mtk_free_dev() to\nmtk_remove().\n\nPreviously, if alloc_netdev_dummy() failed in mtk_probe(),\neth->dummy_dev would be NULL. The error path would then call\nmtk_free_dev(), which in turn called free_netdev() assuming dummy_dev\nwas allocated (but it was not), potentially causing a NULL pointer\ndereference.\n\nBy moving free_netdev() to mtk_remove(), we ensure it's only called when\nmtk_probe() has succeeded and dummy_dev is fully allocated. This\naddresses a potential NULL pointer dereference detected by Smatch[1]."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mediatek: corrige la posible desreferencia del puntero NULL en el manejo del net_device ficticio. Mueva la liberaci\u00f3n del net_device ficticio de mtk_free_dev() a mtk_remove(). Anteriormente, si alloc_netdev_dummy() fallaba en mtk_probe(), eth-&gt;dummy_dev ser\u00eda NULL. La ruta de error luego llamar\u00eda a mtk_free_dev(), que a su vez llamar\u00eda a free_netdev() suponiendo que dummy_dev estuviera asignado (pero no lo estaba), causando potencialmente una desreferencia del puntero NULL. Al mover free_netdev() a mtk_remove(), nos aseguramos de que solo se llame cuando mtk_probe() haya tenido \u00e9xito y dummy_dev est\u00e9 completamente asignado. Esto soluciona una posible desreferencia de puntero NULL detectada por Smatch[1]."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42283.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42283",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.163",
"lastModified": "2024-08-19T05:15:08.010",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: nexthop: inicializa todos los campos en la estructura nexthops volcada. nexthop_grp contiene dos campos reservados que no son inicializados por nla_put_nh_group() y transporta basura. Esto se puede observar, por ejemplo, con strace (editado para mayor claridad): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len =12, nla_type=NHA_GROUP}, [{id=1, peso=0, resvd1=0x69, resvd2=0x67}]] ...) = 52 Los campos est\u00e1n reservados y, por lo tanto, no se utilizan actualmente. Pero tal como est\u00e1n, pierden memoria del n\u00facleo, y el hecho de que no sean simplemente cero complica la reutilizaci\u00f3n de los campos para nuevos fines. Inicialice la estructura completa."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42284.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42284",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.233",
"lastModified": "2024-08-19T05:15:08.070",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: Devuelve un valor distinto de cero desde tipc_udp_addr2str() en caso de error tipc_udp_addr2str() deber\u00eda devolver un valor distinto de cero si la direcci\u00f3n de medios UDP no es v\u00e1lida. De lo contrario, puede ocurrir un acceso de desbordamiento del b\u00fafer en tipc_media_addr_printf(). Solucione este problema devolviendo 1 en una direcci\u00f3n de medios UDP no v\u00e1lida."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42285.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42285",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.300",
"lastModified": "2024-08-19T05:15:08.133",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n conn_id->cm_id.iw = cm_id;\n cm_id->context = conn_id;\n cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/iwcm: corrige un use-after-free relacionado con la destrucci\u00f3n de ID de CM iw_conn_req_handler() asocia una nueva estructura rdma_id_private (conn_id) con una estructura iw_cm_id (cm_id) existente de la siguiente manera: conn_id-&gt;cm_id.iw = cm_id; cm_id-&gt;context = conn_id; cm_id-&gt;cm_handler = cma_iw_handler; rdma_destroy_id() libera tanto cm_id como struct rdma_id_private. Aseg\u00farese de que cm_work_handler() no active un use-after-free liberando solo la estructura rdma_id_private despu\u00e9s de que todo el trabajo pendiente haya finalizado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42286.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42286",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.380",
"lastModified": "2024-08-19T05:15:08.200",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port."
},
{
"lang": "es",
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: validar nvme_local_port correctamente La carga del controlador fall\u00f3 con mensaje de error, qla2xxx [0000:04:00.0]-ffff:0: Register_localport fall\u00f3: ret=ffffffef y con un kernel bloqueo, ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 0000000000000070 Cola de trabajo: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 00000000000000000 RDX : ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000 ) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Seguimiento de llamadas: qla_nvme_register_remote+0xeb/0x1 f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Salga de la funci\u00f3n qla_nvme_register_remote() cuando qla_nvme_register_hba () falla y valida correctamente nvme_local_port."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42287.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42287",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.453",
"lastModified": "2024-08-19T05:15:08.277",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qla2xxx: comando completo temprano dentro del bloqueo Se observ\u00f3 un bloqueo al realizar el restablecimiento de NPIV y FW, ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000001c #PF: acceso de lectura del supervisor en el kernel modo #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 000000000000000 RBX: 0000000000000021 RCX: 0000000000000002 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0 RBP: ffff8881041130d0 R08: 00000000000000000 R09: 0000000000000034 R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000 FS: 007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0 DR0: 000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffe0ff0 DR7: 0000000000000400 PKRU: 5555555 4 Seguimiento de llamadas: ? __die_body+0x1a/0x60 ? page_fault_oops+0x16f/0x4a0? do_user_addr_fault+0x174/0x7f0? exc_page_fault+0x69/0x1a0? asm_exc_page_fault+0x22/0x30? dma_direct_unmap_sg+0x51/0x1e0? preempt_count_sub+0x96/0xe0 qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx] qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx] __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx] La finalizaci\u00f3n del comando se realiz\u00f3 antes de tiempo al cancelar los comandos en la ruta de descarga del controlador pero fuera del bloqueo para evitar el WARN_ON condici\u00f3n de realizar dma_free_attr dentro de la cerradura. Sin embargo, esto provoc\u00f3 una condici\u00f3n de ejecuci\u00f3n mientras el comando se completaba a trav\u00e9s de m\u00faltiples rutas, lo que provoc\u00f3 un bloqueo del sistema. Por lo tanto, complete el comando temprano en la ruta de descarga pero dentro del bloqueo para evitar la condici\u00f3n de ejecuci\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42288.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42288",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.523",
"lastModified": "2024-08-19T05:15:08.343",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Correcci\u00f3n de posible corrupci\u00f3n de la memoria Init Control Block est\u00e1 desreferenciada incorrectamente. Desreferenciar correctamente ICB"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42289.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42289",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.590",
"lastModified": "2024-08-19T05:15:08.403",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array. For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n Call Trace:\n <TASK>\n qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n ? qla2x00_status_entry+0x768/0x2830\n ? newidle_balance+0x2f0/0x430\n ? dequeue_entity+0x100/0x3c0\n ? qla24xx_process_response_queue+0x6a1/0x19e0\n ? __schedule+0x2d5/0x1140\n ? qla_do_work+0x47/0x60\n ? process_one_work+0x267/0x440\n ? process_one_work+0x440/0x440\n ? worker_thread+0x2d/0x3d0\n ? process_one_work+0x440/0x440\n ? kthread+0x156/0x180\n ? set_kthread_struct+0x50/0x50\n ? ret_from_fork+0x22/0x30\n </TASK>\n\nSend out async logout explicitly for all the ports during vport delete."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qla2xxx: durante la eliminaci\u00f3n de vport, env\u00ede el cierre de sesi\u00f3n as\u00edncrono expl\u00edcitamente. Durante la eliminaci\u00f3n de vport, se observa que durante la descarga sufrimos un bloqueo debido a entradas obsoletas en la matriz de comandos pendientes. Para todas estas entradas de E/S obsoletas, se emiti\u00f3 y cancel\u00f3 eh_abort (fast_fail_io = 2009h), pero las E/S no se pudieron completar mientras la eliminaci\u00f3n de vport estaba en proceso de eliminaci\u00f3n. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000001c #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Vaya: 0000 [#1] Cola de trabajo PREEMPT SMP NOPTI: qla2xxx_wq qla_do_work [ qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 00000000000000000 RBX: 0000000000000021 RCX: 0000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: 10: ffff8ce378aac8a0 R11 : ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 00000000000000000 FS: 0000000000000000(0000) ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 0000000000350ee0 Seguimiento de llamadas: qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830? newidle_balance+0x2f0/0x430? dequeue_entity+0x100/0x3c0? qla24xx_process_response_queue+0x6a1/0x19e0? __programaci\u00f3n+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? proceso_one_work+0x267/0x440? proceso_one_work+0x440/0x440? hilo_trabajador+0x2d/0x3d0? proceso_one_work+0x440/0x440? khilo+0x156/0x180? set_kthread_struct+0x50/0x50? ret_from_fork+0x22/0x30 Env\u00eda el cierre de sesi\u00f3n as\u00edncrono expl\u00edcitamente para todos los puertos durante la eliminaci\u00f3n de vport."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42290.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42290",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.663",
"lastModified": "2024-08-19T05:15:08.467",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n __schedule_bug+0x54/0x6c\n __schedule+0x7f0/0xa94\n schedule+0x5c/0xc4\n schedule_preempt_disabled+0x24/0x40\n __mutex_lock.constprop.0+0x2c0/0x540\n __mutex_lock_slowpath+0x14/0x20\n mutex_lock+0x48/0x54\n clk_prepare_lock+0x44/0xa0\n clk_prepare+0x20/0x44\n imx_irqsteer_resume+0x28/0xe0\n pm_generic_runtime_resume+0x2c/0x44\n __genpd_runtime_resume+0x30/0x80\n genpd_runtime_resume+0xc8/0x2c0\n __rpm_callback+0x48/0x1d8\n rpm_callback+0x6c/0x78\n rpm_resume+0x490/0x6b4\n __pm_runtime_resume+0x50/0x94\n irq_chip_pm_get+0x2c/0xa0\n __irq_do_set_handler+0x178/0x24c\n irq_set_chained_handler_and_data+0x60/0xa4\n mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/imx-irqsteer: manejar correctamente la administraci\u00f3n de energ\u00eda en tiempo de ejecuci\u00f3n. El dominio de energ\u00eda se activa autom\u00e1ticamente desde clk_prepare(). Sin embargo, en ciertas plataformas como i.MX8QM e i.MX8QXP, el manejo de encendido invoca funciones de suspensi\u00f3n, lo que desencadena el error de 'programaci\u00f3n mientras es at\u00f3mico' en la ruta de cambio de contexto durante la prueba del dispositivo: ERROR: programaci\u00f3n mientras es at\u00f3mico: kworker/u13 :1/48/0x00000002 Seguimiento de llamadas: __schedule_bug+0x54/0x6c __schedule+0x7f0/0xa94 Schedule+0x5c/0xc4 Schedule_preempt_disabled+0x24/0x40 __mutex_lock.constprop.0+0x2c0/0x540 __mutex_lock_slowpath+0x14/0 x20 mutex_lock+0x48/0x54 clk_prepare_lock+ 0x44/0xa0 clk_prepare+0x20/0x44 imx_irqsteer_resume+0x28/0xe0 pm_generic_runtime_resume+0x2c/0x44 __genpd_runtime_resume+0x30/0x80 genpd_runtime_resume+0xc8/0x2c0 __rpm_callback+0x48/0x1d8 rpm_callback+0x6c/0x78 rpm_resume+0x490/0x6b4 __pm_runtime_resume+0x50/0x94 irq_chip_pm_get+ 0x2c/0xa0 __irq_do_set_handler+0x178/0x24c irq_set_chained_handler_and_data+0x60/0xa4 mxc_gpio_probe+0x160/0x4b0 Solucione esto implementando las devoluciones de llamada del chip de interrupci\u00f3n irq_bus_lock/sync_unlock() y maneje la administraci\u00f3n de energ\u00eda en ellos a medida que se invocan desde un contexto no at\u00f3mico. [tglx: registro de cambios reescrito, etiqueta de correcciones agregada]"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42291.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42291",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.730",
"lastModified": "2024-08-17T09:15:09.730",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ice: agregue un l\u00edmite por VF en la cantidad de filtros FDIR. Mientras que el controlador iavf agrega un l\u00edmite as/w (128) en la cantidad de filtros FDIR que el VF puede solicitar, se el controlador VF malicioso puede solicitar m\u00e1s que eso y agotar los recursos para otros VF. Agregue un l\u00edmite similar en hielo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42292.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42292",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.797",
"lastModified": "2024-08-19T05:15:08.530",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: kobject_uevent: corrige el acceso OOB dentro de zap_modalias_env() zap_modalias_env() calcula incorrectamente el tama\u00f1o del bloque de memoria a mover, por lo que causar\u00e1 un problema de acceso a la memoria OOB si la variable MODALIAS no es la \u00faltima dentro de su Par\u00e1metro @env, corregido corrigiendo el tama\u00f1o a memmove."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42293.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42293",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.867",
"lastModified": "2024-08-17T09:15:09.867",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mm: Fix lockless walks with static and dynamic page-table folding\n\nLina reports random oopsen originating from the fast GUP code when\n16K pages are used with 4-level page-tables, the fourth level being\nfolded at runtime due to lack of LPA2.\n\nIn this configuration, the generic implementation of\np4d_offset_lockless() will return a 'p4d_t *' corresponding to the\n'pgd_t' allocated on the stack of the caller, gup_fast_pgd_range().\nThis is normally fine, but when the fourth level of page-table is folded\nat runtime, pud_offset_lockless() will offset from the address of the\n'p4d_t' to calculate the address of the PUD in the same page-table page.\nThis results in a stray stack read when the 'p4d_t' has been allocated\non the stack and can send the walker into the weeds.\n\nFix the problem by providing our own definition of p4d_offset_lockless()\nwhen CONFIG_PGTABLE_LEVELS <= 4 which returns the real page-table\npointer rather than the address of the local stack variable."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: mm: corrige recorridos sin bloqueo con plegado de tablas de p\u00e1ginas est\u00e1ticas y din\u00e1micas. Lina informa oopsen aleatorios que se originan en el c\u00f3digo GUP r\u00e1pido cuando se utilizan p\u00e1ginas de 16 KB con tablas de p\u00e1ginas de 4 niveles. el cuarto nivel se pliega en tiempo de ejecuci\u00f3n debido a la falta de LPA2. En esta configuraci\u00f3n, la implementaci\u00f3n gen\u00e9rica de p4d_offset_lockless() devolver\u00e1 un 'p4d_t *' correspondiente al 'pgd_t' asignado en la pila de la persona que llama, gup_fast_pgd_range(). Esto normalmente est\u00e1 bien, pero cuando el cuarto nivel de la tabla de p\u00e1ginas se pliega en tiempo de ejecuci\u00f3n, pud_offset_lockless() se desplazar\u00e1 de la direcci\u00f3n de 'p4d_t' para calcular la direcci\u00f3n del PUD en la misma p\u00e1gina de la tabla de p\u00e1ginas. Esto da como resultado una lectura de pila perdida cuando el 'p4d_t' se ha asignado en la pila y puede enviar al caminante hacia la maleza. Solucione el problema proporcionando nuestra propia definici\u00f3n de p4d_offset_lockless() cuando CONFIG_PGTABLE_LEVELS &lt;= 4, que devuelve el puntero de la tabla de p\u00e1ginas real en lugar de la direcci\u00f3n de la variable de pila local."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42294.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42294",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:09.947",
"lastModified": "2024-08-17T09:15:09.947",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430] __switch_to+0x174/0x338\n[ 2538.459436] __schedule+0x628/0x9c4\n[ 2538.459442] schedule+0x7c/0xe8\n[ 2538.459447] schedule_preempt_disabled+0x24/0x40\n[ 2538.459453] __mutex_lock+0x3ec/0xf04\n[ 2538.459456] __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459] mutex_lock+0x30/0xd8\n[ 2538.459462] del_gendisk+0xdc/0x350\n[ 2538.459466] sd_remove+0x30/0x60\n[ 2538.459470] device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474] device_release_driver+0x18/0x28\n[ 2538.459478] bus_remove_device+0x15c/0x174\n[ 2538.459483] device_del+0x1d0/0x358\n[ 2538.459488] __scsi_remove_device+0xa8/0x198\n[ 2538.459493] scsi_forget_host+0x50/0x70\n[ 2538.459497] scsi_remove_host+0x80/0x180\n[ 2538.459502] usb_stor_disconnect+0x68/0xf4\n[ 2538.459506] usb_unbind_interface+0xd4/0x280\n[ 2538.459510] device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514] device_release_driver+0x18/0x28\n[ 2538.459518] bus_remove_device+0x15c/0x174\n[ 2538.459523] device_del+0x1d0/0x358\n[ 2538.459528] usb_disable_device+0x84/0x194\n[ 2538.459532] usb_disconnect+0xec/0x300\n[ 2538.459537] hub_event+0xb80/0x1870\n[ 2538.459541] process_scheduled_works+0x248/0x4dc\n[ 2538.459545] worker_thread+0x244/0x334\n[ 2538.459549] kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016] __switch_to+0x174/0x338\n[ 2538.461021] __schedule+0x628/0x9c4\n[ 2538.461025] schedule+0x7c/0xe8\n[ 2538.461030] blk_queue_enter+0xc4/0x160\n[ 2538.461034] blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037] scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040] ioctl_internal_command+0x5c/0x164\n[ 2538.461046] scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051] sd_release+0x50/0x94\n[ 2538.461054] blkdev_put+0x190/0x28c\n[ 2538.461058] blkdev_release+0x28/0x40\n[ 2538.461063] __fput+0xf8/0x2a8\n[ 2538.461066] __fput_sync+0x28/0x5c\n[ 2538.461070] __arm64_sys_close+0x84/0xe8\n[ 2538.461073] invoke_syscall+0x58/0x114\n[ 2538.461078] el0_svc_common+0xac/0xe0\n[ 2538.461082] do_el0_svc+0x1c/0x28\n[ 2538.461087] el0_svc+0x38/0x68\n[ 2538.461090] el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093] el0t_64_sync+0x1a8/0x1ac\n\n T1:\t\t\t\tT2:\n sd_remove\n del_gendisk\n __blk_mark_disk_dead\n blk_freeze_queue_start\n ++q->mq_freeze_depth\n \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don't try to acquire disk->open_mutex after freezing\nthe queue."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bloquear: soluciona el punto muerto entre sd_remove y sd_release Nuestra prueba informa la siguiente tarea colgada: [ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q-&gt;mq_freeze_depth bdev_release mutex_lock(&amp;disk-&gt;open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q-&gt;mq_freeze_depth) mutex_lock(&amp;disk-&gt;open_mutex) SCSI no configura GD_OWNS_QUEUE, por lo que QUEUE_FLAG_DYING no est\u00e1 configurado en este escenario. Este es un cl\u00e1sico punto muerto de ABBA. Para solucionar el punto muerto, aseg\u00farese de no intentar adquirir disco-&gt;open_mutex despu\u00e9s de congelar la cola."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42295.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42295",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.017",
"lastModified": "2024-08-19T05:15:08.597",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nilfs2: maneja el estado inconsistente en nilfs_btnode_create_block() Syzbot inform\u00f3 que se detect\u00f3 una inconsistencia en el estado del b\u00fafer en nilfs_btnode_create_block(), lo que provoc\u00f3 un error en el kernel. No es apropiado tratar esta inconsistencia como un error; puede ocurrir si la direcci\u00f3n del bloque de argumentos (el \u00edndice del b\u00fafer del bloque reci\u00e9n creado) es un n\u00famero de bloque virtual y se ha reasignado debido a la corrupci\u00f3n del mapa de bits utilizado para administrar su estado de asignaci\u00f3n. Por lo tanto, modifique nilfs_btnode_create_block() y sus llamadores para tratarlo como un posible error del sistema de archivos, en lugar de desencadenar un error del kernel."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42296.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42296",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.080",
"lastModified": "2024-08-19T05:15:08.667",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrige el valor de retorno de f2fs_convert_inline_inode() Si el dispositivo es de solo lectura, haga que f2fs_convert_inline_inode() devuelva EROFS en lugar de cero; de lo contrario, puede provocar p\u00e1nico durante la reescritura de la p\u00e1gina sucia del inodo en l\u00ednea como se muestra a continuaci\u00f3n : f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888 f2fs_write_cache_pages fs/f2fs/data.c:3187 [en l\u00ednea] __f2fs_write_data_pages fs/f2fs/data.c:3342 [en l\u00ednea] efe/0x3a90 fs/f2fs/ data.c:3369 do_writepages+0x359/0x870 mm/page-writeback.c:2634 filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397 __filemap_fdatawrite_range mm/filemap.c:430 [en l\u00ednea] file_write_and_wait_range+0x1aa/0x290 mm/filemap .c:788 f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276 generic_write_sync include/linux/fs.h:2806 [en l\u00ednea] f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977 call_write_iter include/linux/ fs.h:2114 [en l\u00ednea] new_sync_write fs/read_write.c:497 [en l\u00ednea] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/ common.c:52 [en l\u00ednea] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42297.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42297",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.147",
"lastModified": "2024-08-19T05:15:08.720",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n - __f2fs_find_entry\n - f2fs_i_depth_write\n - f2fs_mark_inode_dirty_sync\n - f2fs_dirty_inode\n - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n - kill_block_super\n - generic_shutdown_super\n - sync_filesystem\n : sb is readonly, skip sync_filesystem()\n - evict_inodes\n - iput\n - f2fs_evict_inode\n - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: f2fs: soluci\u00f3n para no ensuciar el inodo para el sistema de archivos de solo lectura syzbot informa el error de f2fs como se muestra a continuaci\u00f3n: \u00a1ERROR del kernel en fs/f2fs/inode.c:933! RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933 Seguimiento de llamadas: desalojar+0x2a4/0x620 fs/inode.c:664 dispose_list fs/inode.c:697 [en l\u00ednea] evict_inodes+0x5f8/0x690 fs /inode.c:747 generic_shutdown_super+0x9d/0x2c0 fs/super.c:675 kill_block_super+0x44/0x90 fs/super.c:1667 kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894 desactivar_locked_super+0xc1/0x130 fs /super.c:484 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256 task_work_run+0x24a/0x300 kernel/task_work.c:180 ptrace_notify+0x2cd/0x380 kernel/signal.c:2399 ptrace_report_syscall include/linux/ptrace.h :411 [en l\u00ednea] ptrace_report_syscall_exit include/linux/ptrace.h:473 [en l\u00ednea] syscall_exit_work kernel/entry/common.c:251 [en l\u00ednea] syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [en l\u00ednea] __syscall_exit_to_user_mode_work kernel/entry/common .c:283 [inline] syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296 do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88 entry_SYSCALL_64_after_hwframe+0x63/0x6b The root cause is: - do_sys_open - f2fs_lookup - __f2fs_find_entry - f2fs_i_ Depth_write - f2fs_mark_inode_dirty_sync - f2fs_dirty_inode - set_inode_flag(inode, FI_DIRTY_INODE) - umount - kill_f2fs_super - kill_block_super - generic_shutdown_super - sync_filesystem: sb es de solo lectura, omitir sync_file sistema() - evict_inodes - iput - f2fs_evict_inode - f2fs_bug_on(sbi, is_inode_flag_set(inodo, FI_DIRTY_INODE)): desencadena el p\u00e1nico en el kernel Cuando intentamos reparar i_current_ Depth en un sistema de archivos de solo lectura, omitamos el inodo sucio para evitar el p\u00e1nico en f2fs_evict_inode()."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42298.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42298",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.230",
"lastModified": "2024-08-17T09:15:10.230",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: fsl: fsl_qmc_audio: comprobar el valor devuelto de devm_kasprintf() devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto no se comprueba. Solucione esta falta y verifique el valor devuelto."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-422xx/CVE-2024-42299.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42299",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.293",
"lastModified": "2024-08-19T05:15:08.787",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don't change correspondingly.\nThis will cause a panic because \"u32 bytes = log->page_size - page_off\"\nwill get a negative value in the later read_log_page()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Actualizar registro-&gt;p\u00e1gina_{m\u00e1scara,bits} si se cambia registro-&gt;tama\u00f1o_p\u00e1gina. Si un sistema de archivos NTFS est\u00e1 montado en otro sistema con PAGE_SIZE diferente al sistema original, log-&gt;page_size cambiar\u00e1 en log_replay(), pero log-&gt;page_{mask,bits} no cambia en consecuencia. Esto provocar\u00e1 p\u00e1nico porque \"u32 bytes = log-&gt;page_size - page_off\" obtendr\u00e1 un valor negativo en read_log_page() posterior."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42300.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42300",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.360",
"lastModified": "2024-08-17T09:15:10.360",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix race in z_erofs_get_gbuf()\n\nIn z_erofs_get_gbuf(), the current task may be migrated to another\nCPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`.\n\nTherefore, z_erofs_put_gbuf() will trigger the following issue\nwhich was found by stress test:\n\n<2>[772156.434168] kernel BUG at fs/erofs/zutil.c:58!\n..\n<4>[772156.435007]\n<4>[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2\n<4>[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017\n<4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n<4>[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs]\n<4>[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs]\n..\n<6>[772156.445958] stress (3127): drop_caches: 1\n<4>[772156.446120] Call trace:\n<4>[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs]\n<4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs]\n<4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs]\n<4>[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs]\n<4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs]\n.."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige la ejecuci\u00f3n en z_erofs_get_gbuf() En z_erofs_get_gbuf(), la tarea actual se puede migrar a otra CPU entre `z_erofs_gbuf_id()` y `spin_lock(&amp;gbuf-&gt;lock)` . Por lo tanto, z_erofs_put_gbuf() desencadenar\u00e1 el siguiente problema que se encontr\u00f3 en la prueba de estr\u00e9s: &lt;2&gt;[772156.434168] ERROR del kernel en fs/erofs/zutil.c:58. .. &lt;4&gt;[772156.435007] &lt;4&gt;[772156.439237] CPU: 0 PID: 3078 Comm: estr\u00e9s Kdump: cargado Contaminado: GE 6.10.0-rc7+ #2 &lt;4&gt;[772156.439239] Nombre de hardware: Alibaba Cloud Alibaba Cloud ECS , BIOS 1.0.0 01/01/2017 &lt;4&gt;[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) &lt;4&gt;[772156.439243] pc: z_erofs_put_gbuf+0x64/0x70 [erofs] &lt;4&gt;[772156.439252] lr: z_erofs_lz4_decompress+0x600/0x6a0 [erofs] .. &lt;6&gt;[772156.445958] estr\u00e9s (3127): drop_caches: 1 &lt;4&gt;[772156.446120] Rastreo de llamadas: &lt;4&gt;[772156. 446121] z_erofs_put_gbuf+0x64/0x70 [erofs] &lt;4&gt;[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs] &lt;4&gt;[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs &lt;4&gt;[ 772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs] &lt;4&gt;[772156.447160] z_erofs_readahead+0x224/0x390 [erofs] .."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42301.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42301",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.423",
"lastModified": "2024-08-19T05:15:08.843",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dev/parport: corrige el riesgo de que la matriz est\u00e9 fuera de los l\u00edmites. Se corrigieron los problemas de matriz fuera de los l\u00edmites causados por sprintf reemplaz\u00e1ndolo con snprintf para una copia de datos m\u00e1s segura, garantizando el b\u00fafer de destino no est\u00e1 desbordado. A continuaci\u00f3n se muestra el seguimiento de la pila que encontr\u00e9 durante el problema real: [66.575408s] [pid:5118,cpu4,QThread,4]P\u00e1nico en el kernel: no se sincroniza: stack-protector: la pila del kernel est\u00e1 da\u00f1ada en: do_hardware_base_addr+0xcc/0xd0 [parport ] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comunicaci\u00f3n: QThread contaminado: GSWO 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4, QThread,6]TGID: 5087 Comm: EFileApp [66.575439s] [pid:5118,cpu4,QThread,7]Nombre del hardware: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 29/04/2024 [66.575439 s] [pid:5118,cpu4,QThread,8]Rastreo de llamadas: [66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [66.575469s] [pid:5118,cpu4,QThread,0 ] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] p\u00e1nico+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42302.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42302",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.487",
"lastModified": "2024-08-19T05:15:08.900",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat's because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn't necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. The commit was backported to v5.10+ stable\nkernels, so that's the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/DPC: corrige el use-after-free en DPC simult\u00e1neos y la eliminaci\u00f3n en caliente. Keith informa un use-after-free cuando ocurre un evento de DPC simult\u00e1neamente con la eliminaci\u00f3n en caliente del mismo. parte de la jerarqu\u00eda: dpc_handler() espera que el bus secundario est\u00e9 listo debajo del puerto descendente donde ocurri\u00f3 el evento DPC. Para hacerlo, sondea el espacio de configuraci\u00f3n del primer dispositivo secundario en el bus secundario. Si ese dispositivo secundario se elimina simult\u00e1neamente, los accesos a su estructura pci_dev hacen que el kernel falle. Esto se debe a que pci_bridge_wait_for_secondary_bus() no mantiene una referencia en el dispositivo secundario. Antes de v6.3, la funci\u00f3n solo se llamaba al reanudar desde la suspensi\u00f3n del sistema o al reanudar el tiempo de ejecuci\u00f3n. Mantener una referencia no era necesario en aquel entonces porque el subproceso pciehp IRQ nunca pod\u00eda ejecutarse al mismo tiempo. (Al reanudar desde la suspensi\u00f3n del sistema, las IRQ no se habilitan hasta despu\u00e9s de la fase resume_noirq. Y la reanudaci\u00f3n del tiempo de ejecuci\u00f3n siempre se espera antes de que se elimine un dispositivo PCI). Sin embargo, a partir de v6.3, pci_bridge_wait_for_secondary_bus() tambi\u00e9n se llama en un evento DPC. El commit 53b54ad074de (\"PCI/DPC: Esperar la preparaci\u00f3n del bus secundario despu\u00e9s del reinicio\"), que introdujo eso, no pudo apreciar que pci_bridge_wait_for_secundary_bus() ahora necesita mantener una referencia en el dispositivo secundario porque dpc_handler() y pciehp pueden ejecutarse simult\u00e1neamente. El commit fue respaldada a n\u00facleos estables v5.10+, por lo que ese es el m\u00e1s antiguo afectado. Agregue la adquisici\u00f3n de referencia que falta. Seguimiento de pila abreviado: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() _hacer_recuperaci\u00f3n () dpc_handler()"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42303.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42303",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.560",
"lastModified": "2024-08-17T09:15:10.560",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medios: imx-pxp: corrija la desreferencia de ERR_PTR en pxp_probe() devm_regmap_init_mmio() puede fallar, agregue una verificaci\u00f3n y rescate en caso de error."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42304.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42304",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.617",
"lastModified": "2024-08-19T05:15:08.973",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n ext4_mknod\n ...\n ext4_add_entry\n // Read block 0\n ext4_read_dirblock(dir, block, DIRENT)\n bh = ext4_bread(NULL, inode, block, 0)\n if (!bh && (type == INDEX || type == DIRENT_HTREE))\n // The first directory block is a hole\n // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: aseg\u00farese de que el primer bloque de directorio no sea un agujero. El syzbot construye un directorio que no tiene bloque de directorios pero que no est\u00e1 en l\u00ednea, es decir, el primer bloque de directorio es un agujero. Y no se informan errores al crear archivos en este directorio en el siguiente flujo. ext4_mknod ... ext4_add_entry // Leer bloque 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh &amp;&amp; (type == INDEX || type == DIRENT_HTREE)) // El primer bloque de directorio es un agujero // Pero escriba == DIRENT, por lo que no se informa ning\u00fan error. Despu\u00e9s de eso, obtenemos un bloque de directorio sin '.' y '..' pero con un dentry v\u00e1lido. Esto puede provocar que alg\u00fan c\u00f3digo que depende de punto o punto punto (como make_indexed_dir()) falle. Por lo tanto, cuando ext4_read_dirblock() encuentra que el primer bloque de directorio es un agujero, informa que el sistema de archivos est\u00e1 da\u00f1ado y devuelve un error para evitar cargar datos corruptos desde el disco y causar algo malo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42305.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42305",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.690",
"lastModified": "2024-08-19T05:15:09.043",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n do_split\n unsigned split\n dx_make_map\n count = 1\n split = count/2 = 0;\n continued = hash2 == map[split - 1].hash;\n ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n bus dentry1 hole dentry2 free\n|xx--|xx-------------|...............|xx-------------|...............|\n0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: verifique el punto y el punto de dx_root antes de indexar el directorio Syzbot informa un problema de la siguiente manera: =================== ========================= ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffed11022e24fe PGD 23ffee067 P4D 23ffee067 PUD 0 Ups: Ups: 0000 [#1 ] PREEMPT SMP KASAN PTI CPU: 0 PID: 5079 Comm: syz-executor306 No contaminado 6.10.0-rc5-g55027e689933 #0 Seguimiento de llamada: make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341 ext4_add_entry+0x222 un /0x25d0 fs/ext4/namei.c:2451 ext4_rename fs/ext4/namei.c:3936 [en l\u00ednea] text4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214 [...] ======= ====================================== La causa inmediata de este problema es que s\u00f3lo hay una v\u00e1lida dentry para que el bloque se divida durante do_split, por lo que split==0 da como resultado accesos fuera de los l\u00edmites al mapa que desencadenan el problema. do_split divisi\u00f3n sin signo dx_make_map recuento = 1 divisi\u00f3n = recuento/2 = 0; contin\u00faa = hash2 == mapa[dividido - 1].hash; ---&gt; map[4294967295] La longitud m\u00e1xima de un nombre de archivo es 255 y el tama\u00f1o m\u00ednimo de bloque es 1024, por lo que siempre se garantiza que el n\u00famero de entradas sea mayor o igual a 2 cuando se llama a do_split(). Pero la imagen manipulada por syzbot no tiene punto ni puntopunto en el directorio, y la distribuci\u00f3n de dentry en dirblock es la siguiente: bus dentry1 agujero dentry2 gratis |xx--|xx-------------|... ............|xx-------------|...............| 0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024 Entonces, cuando se cambia el nombre de dentry1 se aumenta la longitud de name_len en 1, ni el agujero ni el espacio libre son suficientes para contener el nuevo dentry, y make_indexed_dir() es llamado. En make_indexed_dir() se supone que las dos primeras entradas del bloque de directorios deben ser punto y puntopunto, por lo que bus y dentry1 se dejan en dx_root porque se tratan como punto y puntodot, y solo dentry2 se mueve al nuevo bloque de hoja. Es por eso que el recuento es igual a 1. Por lo tanto, agregue la funci\u00f3n auxiliar ext4_check_dx_root() para agregar m\u00e1s controles de cordura a los puntos y puntos antes de comenzar la conversi\u00f3n para evitar el problema anterior."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42306.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42306",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.777",
"lastModified": "2024-08-19T05:15:09.113",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: udf: evite el uso del b\u00fafer de mapa de bits de bloque da\u00f1ado Cuando el mapa de bits de bloque del sistema de archivos est\u00e1 da\u00f1ado, detectamos la corrupci\u00f3n mientras cargamos el mapa de bits y fallamos la asignaci\u00f3n con error. Sin embargo, la siguiente asignaci\u00f3n del mismo mapa de bits notar\u00e1 que el b\u00fafer de mapa de bits ya est\u00e1 cargado e intentar\u00e1 realizar la asignaci\u00f3n desde el mapa de bits con resultados mixtos (dependiendo de la naturaleza exacta de la corrupci\u00f3n del mapa de bits). Solucione el problema utilizando el bit BH_verified para indicar si el mapa de bits es v\u00e1lido o no."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42307.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42307",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.843",
"lastModified": "2024-08-17T09:15:10.843",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cifs: corrige el posible uso de puntero nulo en destroy_workqueue en la ruta de error init_cifs Dan Carpenter inform\u00f3 una advertencia del verificador est\u00e1tico de Smack: fs/smb/client/cifsfs.c:1981 error init_cifs(): Anteriormente asumimos que 'serverclose_wq' podr\u00eda ser nulo (ver l\u00ednea 1895). El parche que introdujo la cola de trabajo serverclose utiliz\u00f3 un orden incorrecto en las rutas de error en init_cifs() para liberarlo de errores."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42308.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42308",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.920",
"lastModified": "2024-08-19T05:15:09.180",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check for NULL pointer\n\n[why & how]\nNeed to make sure plane_state is initialized\nbefore accessing its members.\n\n(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: Verifique el puntero NULL [por qu\u00e9 y c\u00f3mo] Es necesario asegurarse de que plane_state est\u00e9 inicializado antes de acceder a sus miembros. (cereza escogida del commit 295d91cbc700651782a60572f83c24861607b648)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-423xx/CVE-2024-42309.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42309",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.987",
"lastModified": "2024-08-19T05:15:09.243",
"vulnStatus": "Received",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/gma500: corrige la desreferencia del puntero nulo en psb_intel_lvds_get_modes En psb_intel_lvds_get_modes(), el valor de retorno de drm_mode_duplicate() se asigna al modo, lo que conducir\u00e1 a una posible desreferencia del puntero NULL en caso de falla de drm_mode_duplicate(). Agregue una marca para evitar npd."
}
],
"metrics": {},

Some files were not shown because too many files have changed in this diff Show More