admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-21T14:00:19.156033+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-21 14:03:17 +00:00
parent 19ed851445
commit 0aaad724c7
190 changed files with 4289 additions and 678 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2020/CVE-2020-118xx/CVE-2020-11850.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2020-11850",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-21T13:15:04.027",
"lastModified": "2024-08-21T13:15:04.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u00a0This issue affects Self Service Password Reset before 4.5.0.2 and\u00a04.4.0.6"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h",
"source": "security@opentext.com"
}
]
}

8
CVE-2022/CVE-2022-488xx/CVE-2022-48867.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48867",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:03.860",
"lastModified": "2024-08-21T07:15:03.860",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Prevent use after free on completion memory\n\nOn driver unload any pending descriptors are flushed at the\ntime the interrupt is freed:\nidxd_dmaengine_drv_remove() ->\n\tdrv_disable_wq() ->\n\t\tidxd_wq_free_irq() ->\n\t\t\tidxd_flush_pending_descs().\n\nIf there are any descriptors present that need to be flushed this\nflow triggers a \"not present\" page fault as below:\n\n BUG: unable to handle page fault for address: ff391c97c70c9040\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n\nThe address that triggers the fault is the address of the\ndescriptor that was freed moments earlier via:\ndrv_disable_wq()->idxd_wq_free_resources()\n\nFix the use after free by freeing the descriptors after any possible\nusage. This is done after idxd_wq_reset() to ensure that the memory\nremains accessible during possible completion writes by the device."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: evita el use after free la memoria al finalizar. Al descargar el controlador, los descriptores pendientes se eliminan en el momento en que se libera la interrupci\u00f3n: idxd_dmaengine_drv_remove() -> drv_disable_wq() -> idxd_wq_free_irq () -> idxd_flush_pending_descs(). Si hay alg\u00fan descriptor presente que deba eliminarse, este flujo desencadena un error de p\u00e1gina \"no presente\" como se muestra a continuaci\u00f3n: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ff391c97c70c9040 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000 ) - p\u00e1gina no presente La direcci\u00f3n que desencadena la falla es la direcci\u00f3n del descriptor que se liber\u00f3 momentos antes a trav\u00e9s de: drv_disable_wq()->idxd_wq_free_resources() Corrige el use-after-free liberando los descriptores despu\u00e9s de cualquier posible uso. Esto se hace despu\u00e9s de idxd_wq_reset() para garantizar que la memoria permanezca accesible durante posibles escrituras completas por parte del dispositivo."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48868.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48868",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.020",
"lastModified": "2024-08-21T07:15:04.020",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Let probe fail when workqueue cannot be enabled\n\nThe workqueue is enabled when the appropriate driver is loaded and\ndisabled when the driver is removed. When the driver is removed it\nassumes that the workqueue was enabled successfully and proceeds to\nfree allocations made during workqueue enabling.\n\nFailure during workqueue enabling does not prevent the driver from\nbeing loaded. This is because the error path within drv_enable_wq()\nreturns success unless a second failure is encountered\nduring the error path. By returning success it is possible to load\nthe driver even if the workqueue cannot be enabled and\nallocations that do not exist are attempted to be freed during\ndriver remove.\n\nSome examples of problematic flows:\n(a)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_unmap_portal() is called on error exit path, but\n drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The\n driver is thus loaded successfully.\n\n idxd_dmaengine_drv_remove()->drv_disable_wq()->idxd_wq_unmap_portal()\n Above flow on driver unload triggers the WARN in devm_iounmap() because\n the device resource has already been removed during error path of\n drv_enable_wq().\n\n(b)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_init_percpu_ref() is never called to initialize the percpu\n counter, yet the driver loads successfully because drv_enable_wq()\n returns 0.\n\n idxd_dmaengine_drv_remove()->__idxd_wq_quiesce()->percpu_ref_kill():\n Above flow on driver unload triggers a BUG when attempting to drop the\n initial ref of the uninitialized percpu ref:\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n\nFix the drv_enable_wq() error path by returning the original error that\nindicates failure of workqueue enabling. This ensures that the probe\nfails when an error is encountered and the driver remove paths are only\nattempted when the workqueue was enabled successfully."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: permite que la sonda falle cuando no se puede habilitar la cola de trabajo. La cola de trabajo se habilita cuando se carga el controlador apropiado y se deshabilita cuando se elimina el controlador. Cuando se elimina el controlador, se supone que la cola de trabajo se habilit\u00f3 correctamente y procede a liberar las asignaciones realizadas durante la habilitaci\u00f3n de la cola de trabajo. La falla durante la habilitaci\u00f3n de la cola de trabajo no impide que se cargue el controlador. Esto se debe a que la ruta de error dentro de drv_enable_wq() devuelve \u00e9xito a menos que se encuentre una segunda falla durante la ruta de error. Al devolver el \u00e9xito, es posible cargar el controlador incluso si no se puede habilitar la cola de trabajo y se intenta liberar las asignaciones que no existen durante la eliminaci\u00f3n del controlador. Algunos ejemplos de flujos problem\u00e1ticos: (a) idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq(): en el flujo anterior, si idxd_wq_request_irq() falla, se llama a idxd_wq_unmap_portal() en la ruta de salida de error, pero drv_enable_wq() devuelve 0 porque idxd_wq_disable() tiene \u00e9xito. De este modo, el controlador se carga correctamente. idxd_dmaengine_drv_remove()->drv_disable_wq()->idxd_wq_unmap_portal() El flujo anterior al descargar el controlador activa la ADVERTENCIA en devm_iounmap() porque el recurso del dispositivo ya se elimin\u00f3 durante la ruta de error de drv_enable_wq(). (b) idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq(): en el flujo anterior, si idxd_wq_request_irq() falla, nunca se llama a idxd_wq_init_percpu_ref() para inicializar el contador de percpu, pero el controlador se carga correctamente porque drv_enable_wq() devuelve 0 idxd_dmaengine_drv_remove()->__idxd_wq_quiesce()->percpu_ref_kill(): El flujo anterior en la descarga del controlador desencadena un ERROR al intentar eliminar la referencia inicial de la referencia percpu no inicializada: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000010 Corrija el drv_enable_wq(. ) ruta de error al devolver el error original que indica un error al habilitar la cola de trabajo. Esto garantiza que la sonda falle cuando se encuentre un error y que las rutas de eliminaci\u00f3n del controlador solo se intenten cuando la cola de trabajo se habilit\u00f3 correctamente."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48869.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48869",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.080",
"lastModified": "2024-08-21T07:15:04.080",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadgetfs: Fix race between mounting and unmounting\n\nThe syzbot fuzzer and Gerald Lee have identified a use-after-free bug\nin the gadgetfs driver, involving processes concurrently mounting and\nunmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super()\ncan race with gadgetfs_kill_sb(), causing the latter to deallocate\nthe_device while the former is using it. The output from KASAN says,\nin part:\n\nBUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]\nBUG: KASAN: use-after-free in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\nBUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]\nBUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]\nBUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]\nBUG: KASAN: use-after-free in put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\nBUG: KASAN: use-after-free in gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\nWrite of size 4 at addr ffff8880276d7840 by task syz-executor126/18689\n\nCPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n <TASK>\n...\n atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\n __refcount_sub_and_test include/linux/refcount.h:272 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\n gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n vfs_get_super fs/super.c:1190 [inline]\n get_tree_single+0xd0/0x160 fs/super.c:1207\n vfs_get_tree+0x88/0x270 fs/super.c:1531\n vfs_fsconfig_locked fs/fsopen.c:232 [inline]\n\nThe simplest solution is to ensure that gadgetfs_fill_super() and\ngadgetfs_kill_sb() are serialized by making them both acquire a new\nmutex."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: gadgetfs: corrige la ejecuci\u00f3n entre montar y desmontar Syzbot fuzzer y Gerald Lee han identificado un error de use-after-free en el controlador gadgetfs, que involucra procesos que montan y desmontan simult\u00e1neamente los gadgetfs. sistema de archivos. En particular, gadgetfs_fill_super() puede competir con gadgetfs_kill_sb(), provocando que este \u00faltimo desasigne the_device mientras el primero lo est\u00e1 usando. El resultado de KASAN dice, en parte: ERROR: KASAN: use-after-free en instrument_atomic_read_write include/linux/instrumented.h:102 [en l\u00ednea] ERROR: KASAN: use-after-free en atomic_fetch_sub_release include/linux/atomic/atomic -instrumented.h:176 [en l\u00ednea] ERROR: KASAN: uso despu\u00e9s de liberaci\u00f3n en __refcount_sub_and_test include/linux/refcount.h:272 [en l\u00ednea] ERROR: KASAN: uso despu\u00e9s de liberaci\u00f3n en __refcount_dec_and_test include/linux/refcount.h :315 [en l\u00ednea] ERROR: KASAN: uso despu\u00e9s de liberaci\u00f3n en refcount_dec_and_test include/linux/refcount.h:333 [en l\u00ednea] ERROR: KASAN: uso despu\u00e9s de liberaci\u00f3n en put_dev drivers/usb/gadget/legacy/inode.c :159 [en l\u00ednea] ERROR: KASAN: use-after-free en gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086 Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff8880276d7840 mediante la tarea syz-executor126/18689 CPU: 0 PID: 18689 Comunicaci\u00f3n: syz-executor126 No contaminado 6.1.0-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 Seguimiento de llamadas: ... atomic_fetch_sub_release include/linux/ atomic/atomic-instrumented.h:176 [en l\u00ednea] __refcount_sub_and_test include/linux/refcount.h:272 [en l\u00ednea] __refcount_dec_and_test include/linux/refcount.h:315 [en l\u00ednea] refcount_dec_and_test include/linux/refcount.h:333 [en l\u00ednea ] put_dev drivers/usb/gadget/legacy/inode.c:159 [en l\u00ednea] gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086 deactivate_locked_super+0xa7/0xf0 fs/super.c:332 vfs_get_super fs /super.c:1190 [en l\u00ednea] get_tree_single+0xd0/0x160 fs/super.c:1207 vfs_get_tree+0x88/0x270 fs/super.c:1531 vfs_fsconfig_locked fs/fsopen.c:232 [en l\u00ednea] La soluci\u00f3n m\u00e1s sencilla es garantizar que gadgetfs_fill_super() y gadgetfs_kill_sb() se serializan haciendo que ambos adquieran un nuevo mutex."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48870.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48870",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.143",
"lastModified": "2024-08-21T07:15:04.143",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: fix possible null-ptr-defer in spk_ttyio_release\n\nRun the following tests on the qemu platform:\n\nsyzkaller:~# modprobe speakup_audptr\n input: Speakup as /devices/virtual/input/input4\n initialized device: /dev/synth, node (MAJOR 10, MINOR 125)\n speakup 3.1.6: initialized\n synth name on entry is: (null)\n synth probe\n\nspk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned\nfailed (errno -16), then remove the module, we will get a null-ptr-defer\nproblem, as follow:\n\nsyzkaller:~# modprobe -r speakup_audptr\n releasing synth audptr\n BUG: kernel NULL pointer dereference, address: 0000000000000080\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1\n RIP: 0010:mutex_lock+0x14/0x30\n Call Trace:\n <TASK>\n spk_ttyio_release+0x19/0x70 [speakup]\n synth_release.part.6+0xac/0xc0 [speakup]\n synth_remove+0x56/0x60 [speakup]\n __x64_sys_delete_module+0x156/0x250\n ? fpregs_assert_state_consistent+0x1d/0x50\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n </TASK>\n Modules linked in: speakup_audptr(-) speakup\n Dumping ftrace buffer:\n\nin_synth->dev was not initialized during modprobe, so we add check\nfor in_synth->dev to fix this bug."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: corrige posible null-ptr-defer en spk_ttyio_release Ejecute las siguientes pruebas en la plataforma qemu: syzkaller:~# modprobe Speakup_audptr input: Speakup as /devices/virtual/input/input4 dispositivo inicializado: /dev/synth, nodo (MAJOR 10, MINOR 125) Speakup 3.1.6: el nombre del sintetizador inicializado en la entrada es: (nulo) la sonda de sintetizador spk_ttyio_initialise_ldisc fall\u00f3 porque tty_kopen_exclusive devolvi\u00f3 un error (errno -16), luego elimine el m\u00f3dulo, obtendremos un problema de aplazamiento de ptr nulo, como sigue: syzkaller:~# modprobe -r Speakup_audptr liberando sintetizador audptr ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000080 #PF: acceso de escritura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0002 ) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0002 [#1] PREEMPT SMP PTI CPU: 2 PID: 204 Comm: modprobe No contaminado 6.1.0-rc6-dirty #1 RIP: 0010:mutex_lock+0x14/0x30 Llamada Seguimiento: spk_ttyio_release+0x19/0x70 [speakup] synth_release.part.6+0xac/0xc0 [speakup] synth_remove+0x56/0x60 [speakup] __x64_sys_delete_module+0x156/0x250? fpregs_assert_state_consistent+0x1d/0x50 do_syscall_64+0x37/0x90 entry_syscall_64_after_hwframe+0x63/0xcd m\u00f3dulos vinculados en: sheakup_audptr (-) volcando ftrace b\u00fafer: in_synth-&gt;&gt; nth-&gt; dev para corregir este error."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48871.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48871",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.207",
"lastModified": "2024-08-21T07:15:04.207",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer\n\nDriver's probe allocates memory for RX FIFO (port->rx_fifo) based on\ndefault RX FIFO depth, e.g. 16. Later during serial startup the\nqcom_geni_serial_port_setup() updates the RX FIFO depth\n(port->rx_fifo_depth) to match real device capabilities, e.g. to 32.\n\nThe RX UART handle code will read \"port->rx_fifo_depth\" number of words\ninto \"port->rx_fifo\" buffer, thus exceeding the bounds. This can be\nobserved in certain configurations with Qualcomm Bluetooth HCI UART\ndevice and KASAN:\n\n Bluetooth: hci0: QCA Product ID :0x00000010\n Bluetooth: hci0: QCA SOC Version :0x400a0200\n Bluetooth: hci0: QCA ROM Version :0x00000200\n Bluetooth: hci0: QCA Patch Version:0x00000d2b\n Bluetooth: hci0: QCA controller version 0x02000200\n Bluetooth: hci0: QCA Downloading qca/htbtfw20.tlv\n bluetooth hci0: Direct firmware load for qca/htbtfw20.tlv failed with error -2\n Bluetooth: hci0: QCA Failed to request file: qca/htbtfw20.tlv (-2)\n Bluetooth: hci0: QCA Failed to download patch (-2)\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in handle_rx_uart+0xa8/0x18c\n Write of size 4 at addr ffff279347d578c0 by task swapper/0/0\n\n CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rt5-00350-gb2450b7e00be-dirty #26\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xe0/0xf0\n show_stack+0x18/0x40\n dump_stack_lvl+0x8c/0xb8\n print_report+0x188/0x488\n kasan_report+0xb4/0x100\n __asan_store4+0x80/0xa4\n handle_rx_uart+0xa8/0x18c\n qcom_geni_serial_handle_rx+0x84/0x9c\n qcom_geni_serial_isr+0x24c/0x760\n __handle_irq_event_percpu+0x108/0x500\n handle_irq_event+0x6c/0x110\n handle_fasteoi_irq+0x138/0x2cc\n generic_handle_domain_irq+0x48/0x64\n\nIf the RX FIFO depth changes after probe, be sure to resize the buffer."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: serial: qcom-geni-serial: corrige los l\u00edmites fuera de los l\u00edmites en el b\u00fafer RX FIFO La sonda del controlador asigna memoria para RX FIFO (puerto-&gt;rx_fifo) seg\u00fan el valor predeterminado Profundidad FIFO de RX, por ejemplo, 16. M\u00e1s adelante, durante el inicio en serie, qcom_geni_serial_port_setup() actualiza la profundidad FIFO de RX (puerto-&gt;rx_fifo_profundidad) para que coincida con las capacidades reales del dispositivo, por ejemplo, a 32. El c\u00f3digo de identificador de RX UART leer\u00e1 el n\u00famero \"puerto-&gt;rx_fifo_profundidad\" de palabras en el b\u00fafer \"port-&gt;rx_fifo\", excediendo as\u00ed los l\u00edmites. Esto se puede observar en ciertas configuraciones con el dispositivo Qualcomm Bluetooth HCI UART y KASAN: Bluetooth: hci0: QCA ID de producto: 0x00000010 Bluetooth: hci0: QCA SOC Version: 0x400a0200 Bluetooth: hci0: QCA ROM Version: 0x00000200 Bluetooth: hci0: QCA Patch Version :0x00000d2b Bluetooth: hci0: versi\u00f3n del controlador QCA 0x02000200 Bluetooth: hci0: QCA Descargando qca/htbtfw20.tlv bluetooth hci0: La carga directa del firmware para qca/htbtfw20.tlv fall\u00f3 con el error -2 Bluetooth: hci0: QCA No se pudo solicitar el archivo: qca/ htbtfw20.tlv (-2) Bluetooth: hci0: QCA Error al descargar el parche (-2) =============================== ==================================== ERROR: KASAN: losa fuera de los l\u00edmites en handle_rx_uart+ 0xa8/0x18c Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff279347d578c0 mediante task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rt5-00350-gb2450b7e00be-dirty #26 Nombre de hardware: Qualcomm Technologies, Inc Rob\u00f3tica RB5 (DT) Seguimiento de llamadas: dump_backtrace.part.0+0xe0/0xf0 show_stack+0x18/0x40 dump_stack_lvl+0x8c/0xb8 print_report+0x188/0x488 kasan_report+0xb4/0x100 __asan_store4+0x80/0xa4 handle_rx_uart+0xa. 8/0x18c qcom_geni_serial_handle_rx+ 0x84/0x9c qcom_geni_serial_isr+0x24c/0x760 __handle_irq_event_percpu+0x108/0x500 handle_irq_event+0x6c/0x110 handle_fasteoi_irq+0x138/0x2cc generic_handle_domain_irq+0x48/0x64 Si la profundidad FIFO de RX cambia despu\u00e9s sonda, aseg\u00farese de cambiar el tama\u00f1o del b\u00fafer."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48872.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48872",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.267",
"lastModified": "2024-08-21T07:15:04.267",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free race condition for maps\n\nIt is possible that in between calling fastrpc_map_get() until\nmap->fl->lock is taken in fastrpc_free_map(), another thread can call\nfastrpc_map_lookup() and get a reference to a map that is about to be\ndeleted.\n\nRewrite fastrpc_map_get() to only increase the reference count of a map\nif it's non-zero. Propagate this to callers so they can know if a map is\nabout to be deleted.\n\nFixes this warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate\n...\nCall trace:\n refcount_warn_saturate\n [fastrpc_map_get inlined]\n [fastrpc_map_lookup inlined]\n fastrpc_map_create\n fastrpc_internal_invoke\n fastrpc_device_ioctl\n __arm64_sys_ioctl\n invoke_syscall"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: corrige la condici\u00f3n de ejecuci\u00f3n de use-after-free para mapas. Es posible que entre llamadas a fastrpc_map_get() hasta que se tome map-&gt;fl-&gt;lock en fastrpc_free_map() , otro hilo puede llamar a fastrpc_map_lookup() y obtener una referencia a un mapa que est\u00e1 a punto de ser eliminado. Vuelva a escribir fastrpc_map_get() para aumentar solo el recuento de referencias de un mapa si no es cero. Propague esto a las personas que llaman para que puedan saber si un mapa est\u00e1 a punto de ser eliminado. Corrige esta advertencia: refcount_t: adici\u00f3n en 0; use-after-free. ADVERTENCIA: CPU: 5 PID: 10100 en lib/refcount.c:25 refcount_warn_saturate... Rastreo de llamadas: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_sy llamar"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48873.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48873",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.323",
"lastModified": "2024-08-21T07:15:04.323",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Don't remove map on creater_process and device_release\n\nDo not remove the map from the list on error path in\nfastrpc_init_create_process, instead call fastrpc_map_put, to avoid\nuse-after-free. Do not remove it on fastrpc_device_release either,\ncall fastrpc_map_put instead.\n\nThe fastrpc_free_map is the only proper place to remove the map.\nThis is called only after the reference count is 0."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: no elimine el mapa en creater_process y device_release. No elimine el mapa de la lista en la ruta de error en fastrpc_init_create_process; en su lugar, llame a fastrpc_map_put para evitar el use-after-free. Tampoco lo elimine en fastrpc_device_release; en su lugar, llame a fastrpc_map_put. fastrpc_free_map es el \u00fanico lugar adecuado para eliminar el mapa. Esto se llama solo despu\u00e9s de que el recuento de referencias sea 0."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48874.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48874",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.383",
"lastModified": "2024-08-21T07:15:04.383",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free and race in fastrpc_map_find\n\nCurrently, there is a race window between the point when the mutex is\nunlocked in fastrpc_map_lookup and the reference count increasing\n(fastrpc_map_get) in fastrpc_map_find, which can also lead to\nuse-after-free.\n\nSo lets merge fastrpc_map_find into fastrpc_map_lookup which allows us\nto both protect the maps list by also taking the &fl->lock spinlock and\nthe reference count, since the spinlock will be released only after.\nAdd take_ref argument to make this suitable for all callers."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: corrige use-after-free y ejecuci\u00f3n en fastrpc_map_find Actualmente, hay una ventana de ejecuci\u00f3n entre el punto en el que se desbloquea el mutex en fastrpc_map_lookup y el recuento de referencias aumenta (fastrpc_map_get ) en fastrpc_map_find, lo que tambi\u00e9n puede generar use-after-free. Entonces, fusionemos fastrpc_map_find con fastrpc_map_lookup, lo que nos permite proteger la lista de mapas tomando tambi\u00e9n el &amp;fl-&gt;lock spinlock y el recuento de referencias, ya que el spinlock se liberar\u00e1 solo despu\u00e9s. Agregue el argumento take_ref para que sea adecuado para todas las personas que llaman."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48875.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48875",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.440",
"lastModified": "2024-08-21T07:15:04.440",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: sdata can be NULL during AMPDU start\n\nieee80211_tx_ba_session_handle_start() may get NULL for sdata when a\ndeauthentication is ongoing.\n\nHere a trace triggering the race with the hostapd test\nmulti_ap_fronthaul_on_ap:\n\n(gdb) list *drv_ampdu_action+0x46\n0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396).\n391 int ret = -EOPNOTSUPP;\n392\n393 might_sleep();\n394\n395 sdata = get_bss_sdata(sdata);\n396 if (!check_sdata_in_driver(sdata))\n397 return -EIO;\n398\n399 trace_drv_ampdu_action(local, sdata, params);\n400\n\nwlan0: moving STA 02:00:00:00:03:00 to state 3\nwlan0: associated\nwlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING)\nwlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0\nwlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port)\nwlan0: moving STA 02:00:00:00:03:00 to state 2\nwlan0: moving STA 02:00:00:00:03:00 to state 1\nwlan0: Removed STA 02:00:00:00:03:00\nwlan0: Destroyed STA 02:00:00:00:03:00\nBUG: unable to handle page fault for address: fffffffffffffb48\nPGD 11814067 P4D 11814067 PUD 11816067 PMD 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\nWorkqueue: phy3 ieee80211_ba_session_work [mac80211]\nRIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211]\nCode: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85\nRSP: 0018:ffffc900025ebd20 EFLAGS: 00010287\nRAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240\nRDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40\nRBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0\nR13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8\nFS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0\nCall Trace:\n <TASK>\n ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211]\n ieee80211_ba_session_work+0xff/0x2e0 [mac80211]\n process_one_work+0x29f/0x620\n worker_thread+0x4d/0x3d0\n ? process_one_work+0x620/0x620\n kthread+0xfb/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n </TASK>"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: mac80211: sdata puede ser NULL durante el inicio de AMPDU. ieee80211_tx_ba_session_handle_start() puede obtener NULL para sdata cuando se est\u00e1 realizando una desautenticaci\u00f3n. Aqu\u00ed un rastro que desencadena la ejecuci\u00f3n con la prueba hostapd multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 est\u00e1 en drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 podr\u00eda_dormir(); 394 395 sdata = get_bss_sdata(sdata); 396 si (!check_sdata_in_driver(sdata)) 397 retorno -EIO; 398 399 trace_drv_ampdu_action(local, sdata, params); 400 wlan0: mover STA 02:00:00:00:03:00 al estado 3 wlan0: wlan0 asociado: desautenticar desde 02:00:00:00:03:00 por elecci\u00f3n local (Raz\u00f3n: 3=DEAUTH_LEAVING) wlan3.sta1 : Sesi\u00f3n de BA abierta solicitada para 02:00:00:00:00:00 tid 0 wlan3.sta1: cuadro eliminado a 02:00:00:00:00:00 (puerto no autorizado) wlan0: moviendo STA 02:00:00 :00:03:00 al estado 2 wlan0: moviendo STA 02:00:00:00:03:00 al estado 1 wlan0: STA eliminada 02:00:00:00:03:00 wlan0: STA destruida 02:00: 00:00:03:00 ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: fffffffffffffffb48 PGD 11814067 P4D 11814067 PUD 11816067 PMD 0 Ups: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted : GW 6.1.0-rc8-wt+ #59 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 01/04/2014 Cola de trabajo: phy3 ieee80211_ba_session_work [mac80211] RIP: _ampdu_acci\u00f3n +0x46/0x280 [mac80211] C\u00f3digo: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 10 0e 00 00 &lt;8b&gt; 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85 RSP: 0018:ffffc900025ebd20 EFLAGS: 00010287 RAX: 0000000000000000 RBX: ffffffffffff1f0 RCX: ffff888102228240 RDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40 RBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001 R10: 00000000000000001 R11: 0000000000000000 R12: 888118c18ec0 R13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8 FS: 0000000000000000(0000) GS:ffff88817a600000(0000) 0000000000000 CS: 0010 DS: 0000 ES : 0000 CR0: 0000000080050033 CR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0 Seguimiento de llamadas: ieee80211_tx_ba_session_handle_start+0xd0/0x190 11] ieee80211_ba_session_work+0xff/0x2e0 [mac80211] Process_one_work+0x29f/0x620 trabajador_thread+0x4d/0x3d0? proceso_one_work+0x620/0x620 kthread+0xfb/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 "
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48876.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48876",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.500",
"lastModified": "2024-08-21T07:15:04.500",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix initialization of rx->link and rx->link_sta\n\nThere are some codepaths that do not initialize rx->link_sta properly. This\ncauses a crash in places which assume that rx->link_sta is valid if rx->sta\nis valid.\nOne known instance is triggered by __ieee80211_rx_h_amsdu being called from\nfast-rx. It results in a crash like this one:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a8\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page PGD 0 P4D 0\n Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 506 Comm: mt76-usb-rx phy Tainted: G E 6.1.0-debian64x+1.7 #3\n Hardware name: ZOTAC ZBOX-ID92/ZBOX-IQ01/ZBOX-ID92/ZBOX-IQ01, BIOS B220P007 05/21/2014\n RIP: 0010:ieee80211_deliver_skb+0x62/0x1f0 [mac80211]\n Code: 00 48 89 04 24 e8 9e a7 c3 df 89 c0 48 03 1c c5 a0 ea 39 a1 4c 01 6b 08 48 ff 03 48\n 83 7d 28 00 74 11 48 8b 45 30 48 63 55 44 <48> 83 84 d0 a8 00 00 00 01 41 8b 86 c0\n 11 00 00 8d 50 fd 83 fa 01\n RSP: 0018:ffff999040803b10 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffffb9903f496480 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff999040803ce0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff8d21828ac900\n R13: 000000000000004a R14: ffff8d2198ed89c0 R15: ffff8d2198ed8000\n FS: 0000000000000000(0000) GS:ffff8d24afe80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000a8 CR3: 0000000429810002 CR4: 00000000001706e0\n Call Trace:\n <TASK>\n __ieee80211_rx_h_amsdu+0x1b5/0x240 [mac80211]\n ? ieee80211_prepare_and_rx_handle+0xcdd/0x1320 [mac80211]\n ? __local_bh_enable_ip+0x3b/0xa0\n ieee80211_prepare_and_rx_handle+0xcdd/0x1320 [mac80211]\n ? prepare_transfer+0x109/0x1a0 [xhci_hcd]\n ieee80211_rx_list+0xa80/0xda0 [mac80211]\n mt76_rx_complete+0x207/0x2e0 [mt76]\n mt76_rx_poll_complete+0x357/0x5a0 [mt76]\n mt76u_rx_worker+0x4f5/0x600 [mt76_usb]\n ? mt76_get_min_avg_rssi+0x140/0x140 [mt76]\n __mt76_worker_fn+0x50/0x80 [mt76]\n kthread+0xed/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n\nSince the initialization of rx->link and rx->link_sta is rather convoluted\nand duplicated in many places, clean it up by using a helper function to\nset it.\n\n[remove unnecessary rx->sta->sta.mlo check]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: corrige la inicializaci\u00f3n de rx-&gt;link y rx-&gt;link_sta Hay algunas rutas de c\u00f3digo que no inicializan rx-&gt;link_sta correctamente. Esto provoca un bloqueo en lugares que asumen que rx-&gt;link_sta es v\u00e1lido si rx-&gt;sta es v\u00e1lido. Una instancia conocida se activa cuando se llama a __ieee80211_rx_h_amsdu desde fast-rx. Resulta en un bloqueo como este: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000a8 #PF: acceso de escritura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0002) - p\u00e1gina no presente PGD 0 P4D 0 Ups: 0002 [#1 ] PREEMPT SMP PTI CPU: 1 PID: 506 Comm: mt76-usb-rx phy Contaminado: GE 6.1.0-debian64x+1.7 #3 Nombre del hardware: ZOTAC ZBOX-ID92/ZBOX-IQ01/ZBOX-ID92/ZBOX-IQ01, BIOS B220P007 21/05/2014 RIP: 0010:ieee80211_deliver_skb+0x62/0x1f0 [mac80211] C\u00f3digo: 00 48 89 04 24 e8 9e a7 c3 df 89 c0 48 03 1c c5 a0 ea 39 a1 4c 01 08 48 y siguientes 03 48 83 7d 28 00 74 11 48 8b 45 30 48 63 55 44 &lt;48&gt; 83 84 d0 a8 00 00 00 01 41 8b 86 c0 11 00 00 8d 50 fd 83 fa 01 RSP:ffff999040803b10 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffffb9903f496480 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffff999040803ce0 R08: 00000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8d21828ac900 R13: 000000000000004a R14: 98ed89c0 R15: ffff8d2198ed8000 FS: 0000000000000000(0000) GS:ffff8d24afe80000( 0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000a8 CR3: 0000000429810002 CR4: 00000000001 706e0 Seguimiento de llamadas: __ieee80211_rx_h_amsdu+0x1b5/0x240 [mac80211] ? ieee80211_prepare_and_rx_handle+0xcdd/0x1320 [mac80211]? __local_bh_enable_ip+0x3b/0xa0 ieee80211_prepare_and_rx_handle+0xcdd/0x1320 [mac80211]? prepare_transfer+0x109/0x1a0 [xhci_hcd] ieee80211_rx_list+0xa80/0xda0 [mac80211] mt76_rx_complete+0x207/0x2e0 [mt76] mt76_rx_poll_complete+0x357/0x5a0 [mt76u_rx_worker] +0x4f5/0x600 [mt76_usb] ? mt76_get_min_avg_rssi+0x140/0x140 [mt76] __mt76_worker_fn+0x50/0x80 [mt76] kthread+0xed/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 Dado que la inicializaci\u00f3n de rx-&gt;link y rx-&gt;link_sta es bastante complicada y duplicada en muchos lugares, l\u00edmpiela usando una funci\u00f3n auxiliar para configurarla. [eliminar comprobaci\u00f3n innecesaria de rx-&gt;sta-&gt;sta.mlo]"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48877.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48877",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.563",
"lastModified": "2024-08-21T07:15:04.563",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: let's avoid panic if extent_tree is not created\n\nThis patch avoids the below panic.\n\npc : __lookup_extent_tree+0xd8/0x760\nlr : f2fs_do_write_data_page+0x104/0x87c\nsp : ffffffc010cbb3c0\nx29: ffffffc010cbb3e0 x28: 0000000000000000\nx27: ffffff8803e7f020 x26: ffffff8803e7ed40\nx25: ffffff8803e7f020 x24: ffffffc010cbb460\nx23: ffffffc010cbb480 x22: 0000000000000000\nx21: 0000000000000000 x20: ffffffff22e90900\nx19: 0000000000000000 x18: ffffffc010c5d080\nx17: 0000000000000000 x16: 0000000000000020\nx15: ffffffdb1acdbb88 x14: ffffff888759e2b0\nx13: 0000000000000000 x12: ffffff802da49000\nx11: 000000000a001200 x10: ffffff8803e7ed40\nx9 : ffffff8023195800 x8 : ffffff802da49078\nx7 : 0000000000000001 x6 : 0000000000000000\nx5 : 0000000000000006 x4 : ffffffc010cbba28\nx3 : 0000000000000000 x2 : ffffffc010cbb480\nx1 : 0000000000000000 x0 : ffffff8803e7ed40\nCall trace:\n __lookup_extent_tree+0xd8/0x760\n f2fs_do_write_data_page+0x104/0x87c\n f2fs_write_single_data_page+0x420/0xb60\n f2fs_write_cache_pages+0x418/0xb1c\n __f2fs_write_data_pages+0x428/0x58c\n f2fs_write_data_pages+0x30/0x40\n do_writepages+0x88/0x190\n __writeback_single_inode+0x48/0x448\n writeback_sb_inodes+0x468/0x9e8\n __writeback_inodes_wb+0xb8/0x2a4\n wb_writeback+0x33c/0x740\n wb_do_writeback+0x2b4/0x400\n wb_workfn+0xe4/0x34c\n process_one_work+0x24c/0x5bc\n worker_thread+0x3e8/0xa50\n kthread+0x150/0x1b4"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: evitemos el p\u00e1nico si no se crea extend_tree. Este parche evita el siguiente p\u00e1nico. pc: __lookup_extent_tree+0xd8/0x760 lr: f2fs_do_write_data_page+0x104/0x87c sp: ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27: ffffff8803e7f020 : ffffff8803e7ed40 x25: ffffff8803e7f020 x24: ffffffc010cbb460 x23: ffffffc010cbb480 x22: 0000000000000000 x21: 0000000000000000 x20: ffffffff22e9090 0x19: 0000000000000000 x18: ffffffc010c5d080 x17: 0000000000000000 x16: 0000000000000020 x15: ffffffdb1acdbb88 x14: ffffff888759e2b0 x13: 0000000000000000 x12: 02da49000 x11: 000000000a001200 x10: ffffff8803e7ed40 x9: ffffff8023195800 x8: ffffff802da49078 x7: 0000000000000001 x6: 0000000000000000 x5 000000000000006 x4: ffffffc010cbba28 x3: 0000000000000000 x2: ffffffc010cbb480 x1: 0000000000000000 x0: ffffff8803e7ed40 Rastreo de llamadas: __lookup_extent_tree+0xd8/0x760 f2fs_do_write_data_page+0x104/0x87c f2fs_write_single_data_page+0x420/0xb60 f 2fs_write_cache_pages+0x418/0xb1c __f2fs_write_data_pages+0x428/0x58c f2fs_write_data_pages+0x30/0x40 do_writepages+0x88/0x190 __writeback_single_inode+0x48/0x448 writeback_sb_inodes+0x468/0x9e8 __writeback_inodes_wb+0xb8/0x2a4 wb_writeback+0x33c/0x740 wb_do_writeback+0x2b4/0x400 wb_workfn+0xe4/0x34c Process_one_work+0x24c/0x5bc trabajador_thread+0x3e8/0xa 50 khilo+0x150/0x1b4"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48878.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48878",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.627",
"lastModified": "2024-08-21T07:15:04.627",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_qca: Fix driver shutdown on closed serdev\n\nThe driver shutdown callback (which sends EDL_SOC_RESET to the device\nover serdev) should not be invoked when HCI device is not open (e.g. if\nhci_dev_open_sync() failed), because the serdev and its TTY are not open\neither. Also skip this step if device is powered off\n(qca_power_shutdown()).\n\nThe shutdown callback causes use-after-free during system reboot with\nQualcomm Atheros Bluetooth:\n\n Unable to handle kernel paging request at virtual address\n 0072662f67726fd7\n ...\n CPU: 6 PID: 1 Comm: systemd-shutdow Tainted: G W\n 6.1.0-rt5-00325-g8a5f56bcfcca #8\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n tty_driver_flush_buffer+0x4/0x30\n serdev_device_write_flush+0x24/0x34\n qca_serdev_shutdown+0x80/0x130 [hci_uart]\n device_shutdown+0x15c/0x260\n kernel_restart+0x48/0xac\n\nKASAN report:\n\n BUG: KASAN: use-after-free in tty_driver_flush_buffer+0x1c/0x50\n Read of size 8 at addr ffff16270c2e0018 by task systemd-shutdow/1\n\n CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted\n 6.1.0-next-20221220-00014-gb85aaf97fb01-dirty #28\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xdc/0xf0\n show_stack+0x18/0x30\n dump_stack_lvl+0x68/0x84\n print_report+0x188/0x488\n kasan_report+0xa4/0xf0\n __asan_load8+0x80/0xac\n tty_driver_flush_buffer+0x1c/0x50\n ttyport_write_flush+0x34/0x44\n serdev_device_write_flush+0x48/0x60\n qca_serdev_shutdown+0x124/0x274\n device_shutdown+0x1e8/0x350\n kernel_restart+0x48/0xb0\n __do_sys_reboot+0x244/0x2d0\n __arm64_sys_reboot+0x54/0x70\n invoke_syscall+0x60/0x190\n el0_svc_common.constprop.0+0x7c/0x160\n do_el0_svc+0x44/0xf0\n el0_svc+0x2c/0x6c\n el0t_64_sync_handler+0xbc/0x140\n el0t_64_sync+0x190/0x194"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: hci_qca: corrige el apagado del controlador en serdev cerrado La devoluci\u00f3n de llamada de apagado del controlador (que env\u00eda EDL_SOC_RESET al dispositivo a trav\u00e9s de serdev) no debe invocarse cuando el dispositivo HCI no est\u00e1 abierto (por ejemplo, si hci_dev_open_sync () fall\u00f3), porque el serdev y su TTY tampoco est\u00e1n abiertos. Omita tambi\u00e9n este paso si el dispositivo est\u00e1 apagado (qca_power_shutdown()). La devoluci\u00f3n de llamada de apagado provoca use-after-free durante el reinicio del sistema con Qualcomm Atheros Bluetooth: no se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 0072662f67726fd7... CPU: 6 PID: 1 Comm: systemd-shutdow Contaminado: GW 6.1.0-rt5- 00325-g8a5f56bcfcca #8 Nombre del hardware: Qualcomm Technologies, Inc. Robotics RB5 (DT) Rastreo de llamadas: tty_driver_flush_b\u00fafer+0x4/0x30 serdev_device_write_flush+0x24/0x34 qca_serdev_shutdown+0x80/0x130 [hci_uart] device_shutdown+0x15c/0x2 60 kernel_restart+0x48/0xac KASAN informe: ERROR: KASAN: use-after-free en tty_driver_flush_b\u00fafer+0x1c/0x50 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff16270c2e0018 por tarea systemd-shutdow/1 CPU: 7 PID: 1 Comunicaciones: systemd-shutdow No contaminado 6.1.0-next- 20221220-00014-gb85aaf97fb01-dirty #28 Nombre del hardware: Qualcomm Technologies, Inc. Robotics RB5 (DT) Rastreo de llamadas: dump_backtrace.part.0+0xdc/0xf0 show_stack+0x18/0x30 dump_stack_lvl+0x68/0x84 print_report+0x188/0x488 puerto +0xa4/0xf0 __asan_load8+0x80/0xac tty_driver_flush_b\u00fafer+0x1c/0x50 ttyport_write_flush+0x34/0x44 serdev_device_write_flush+0x48/0x60 qca_serdev_shutdown+0x124/0x274 dispositivo_shutdown+0x1e8/0x3 50 kernel_restart+0x48/0xb0 __do_sys_reboot+0x244/0x2d0 __arm64_sys_reboot+0x54/0x70 invoke_syscall +0x60/0x190 el0_svc_common.constprop.0+0x7c/0x160 do_el0_svc+0x44/0xf0 el0_svc+0x2c/0x6c el0t_64_sync_handler+0xbc/0x140 el0t_64_sync+0x190/0x194"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48879.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48879",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.690",
"lastModified": "2024-08-21T07:15:04.690",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi: corrige NULL-deref en la ruta de error de inicio En los casos en los que los servicios de ejecuci\u00f3n no son compatibles o se han deshabilitado, la cola de trabajo de los servicios de ejecuci\u00f3n nunca se habr\u00e1 asignado. No intente destruir la cola de trabajo incondicionalmente en el improbable caso de que la inicializaci\u00f3n de EFI no pueda evitar la desreferenciaci\u00f3n de un puntero NULL."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48880.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48880",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.753",
"lastModified": "2024-08-21T07:15:04.753",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/surface: aggregator: Add missing call to ssam_request_sync_free()\n\nAlthough rare, ssam_request_sync_init() can fail. In that case, the\nrequest should be freed via ssam_request_sync_free(). Currently it is\nleaked instead. Fix this."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: plataforma/superficie: agregador: Agregar llamada faltante a ssam_request_sync_free() Aunque es poco com\u00fan, ssam_request_sync_init() puede fallar. En ese caso, la solicitud debe liberarse mediante ssam_request_sync_free(). Actualmente se filtra. Arregla esto."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48881.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48881",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.810",
"lastModified": "2024-08-21T07:15:04.810",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: Fix refcount leak in amd_pmc_probe\n\npci_get_domain_bus_and_slot() takes reference, the caller should release\nthe reference by calling pci_dev_put() after use. Call pci_dev_put() in\nthe error path to fix this."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: plataforma/x86/amd: se corrigi\u00f3 la fuga de recuento en amd_pmc_probe pci_get_domain_bus_and_slot() toma referencia, la persona que llama debe liberar la referencia llamando a pci_dev_put() despu\u00e9s de su uso. Llame a pci_dev_put() en la ruta del error para solucionar este problema."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48882.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48882",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.863",
"lastModified": "2024-08-21T07:15:04.863",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)\n\nUpon updating MAC security entity (SecY) in hw offload path, the macsec\nsecurity association (SA) initialization routine is called. In case of\nextended packet number (epn) is enabled the salt and ssci attributes are\nretrieved using the MACsec driver rx_sa context which is unavailable when\nupdating a SecY property such as encoding-sa hence the null dereference.\nFix by using the provided SA to set those attributes."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: corrige la posible desreferencia nula de macsec al actualizar la entidad de seguridad MAC (SecY) Al actualizar la entidad de seguridad MAC (SecY) en la ruta de descarga de hw, se inicializa la asociaci\u00f3n de seguridad (SA) de macsec se llama rutina. En caso de que el n\u00famero de paquete extendido (epn) est\u00e9 habilitado, los atributos salt y ssci se recuperan utilizando el contexto rx_sa del controlador MACsec que no est\u00e1 disponible al actualizar una propiedad SecY como encoding-sa, de ah\u00ed la desreferencia nula. Solucione utilizando el SA proporcionado para establecer esos atributos."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48883.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48883",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.933",
"lastModified": "2024-08-21T07:15:04.933",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent\n\nA user is able to configure an arbitrary number of rx queues when\ncreating an interface via netlink. This doesn't work for child PKEY\ninterfaces because the child interface uses the parent receive channels.\n\nAlthough the child shares the parent's receive channels, the number of\nrx queues is important for the channel_stats array: the parent's rx\nchannel index is used to access the child's channel_stats. So the array\nhas to be at least as large as the parent's rx queue size for the\ncounting to work correctly and to prevent out of bound accesses.\n\nThis patch checks for the mentioned scenario and returns an error when\ntrying to create the interface. The error is propagated to the user."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: IPoIB, bloquea interfaces PKEY con menos colas de recepci\u00f3n que las principales. Un usuario puede configurar un n\u00famero arbitrario de colas de recepci\u00f3n al crear una interfaz a trav\u00e9s de netlink. Esto no funciona para interfaces PKEY secundarias porque la interfaz secundaria utiliza los canales de recepci\u00f3n principales. Aunque el ni\u00f1o comparte los canales de recepci\u00f3n de los padres, la cantidad de colas de recepci\u00f3n es importante para la matriz channel_stats: el \u00edndice del canal de recepci\u00f3n de los padres se usa para acceder a los channel_stats del ni\u00f1o. Por lo tanto, la matriz debe ser al menos tan grande como el tama\u00f1o de la cola de recepci\u00f3n principal para que el recuento funcione correctamente y evitar accesos fuera de los l\u00edmites. Este parche comprueba el escenario mencionado y devuelve un error al intentar crear la interfaz. El error se propaga al usuario."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48884.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48884",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:04.987",
"lastModified": "2024-08-21T07:15:04.987",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command stats access after free\n\nCommand may fail while driver is reloading and can't accept FW commands\ntill command interface is reinitialized. Such command failure is being\nlogged to command stats. This results in NULL pointer access as command\nstats structure is being freed and reallocated during mlx5 devlink\nreload (see kernel log below).\n\nFix it by making command stats statically allocated on driver probe.\n\nKernel log:\n[ 2394.808802] BUG: unable to handle kernel paging request at 000000000002a9c0\n[ 2394.810610] PGD 0 P4D 0\n[ 2394.811811] Oops: 0002 [#1] SMP NOPTI\n...\n[ 2394.815482] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0\n...\n[ 2394.829505] Call Trace:\n[ 2394.830667] _raw_spin_lock_irq+0x23/0x26\n[ 2394.831858] cmd_status_err+0x55/0x110 [mlx5_core]\n[ 2394.833020] mlx5_access_reg+0xe7/0x150 [mlx5_core]\n[ 2394.834175] mlx5_query_port_ptys+0x78/0xa0 [mlx5_core]\n[ 2394.835337] mlx5e_ethtool_get_link_ksettings+0x74/0x590 [mlx5_core]\n[ 2394.836454] ? kmem_cache_alloc_trace+0x140/0x1c0\n[ 2394.837562] __rh_call_get_link_ksettings+0x33/0x100\n[ 2394.838663] ? __rtnl_unlock+0x25/0x50\n[ 2394.839755] __ethtool_get_link_ksettings+0x72/0x150\n[ 2394.840862] duplex_show+0x6e/0xc0\n[ 2394.841963] dev_attr_show+0x1c/0x40\n[ 2394.843048] sysfs_kf_seq_show+0x9b/0x100\n[ 2394.844123] seq_read+0x153/0x410\n[ 2394.845187] vfs_read+0x91/0x140\n[ 2394.846226] ksys_read+0x4f/0xb0\n[ 2394.847234] do_syscall_64+0x5b/0x1a0\n[ 2394.848228] entry_SYSCALL_64_after_hwframe+0x65/0xca"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5: corrige el acceso a las estad\u00edsticas de los comandos despu\u00e9s de liberarlos. El comando puede fallar mientras se recarga el controlador y no puede aceptar comandos de firmware hasta que se reinicialice la interfaz de comandos. Dicho error de comando se registra en las estad\u00edsticas de comando. Esto da como resultado un acceso al puntero NULL a medida que la estructura de estad\u00edsticas de comando se libera y reasigna durante la recarga de mlx5 devlink (consulte el registro del kernel a continuaci\u00f3n). Solucionelo haciendo que las estad\u00edsticas de comando se asignen est\u00e1ticamente en la sonda del controlador. Registro del kernel: [2394.808802] ERROR: no se puede manejar la solicitud de paginaci\u00f3n del kernel en 000000000002a9c0 [2394.810610] PGD 0 P4D 0 [2394.811811] Vaya: 0002 [#1] SMP NOPTI... [2394.815482] RIP: 10:native_queued_spin_lock_slowpath+0x183/0x1d0 ... [2394.829505] Seguimiento de llamadas: [2394.830667] _raw_spin_lock_irq+0x23/0x26 [2394.831858] cmd_status_err+0x55/0x110 [mlx5_core] [2394.833020] mlx5_access_reg+0xe7/0x1 50 [mlx5_core] [2394.834175] mlx5_query_port_ptys+0x78/0xa0 [mlx5_core] [2394.835337] mlx5e_ethtool_get_link_ksettings+0x74/0x590 [mlx5_core] [2394.836454]? kmem_cache_alloc_trace+0x140/0x1c0 [ 2394.837562] __rh_call_get_link_ksettings+0x33/0x100 [ 2394.838663] ? __rtnl_unlock+0x25/0x50 [ 2394.839755] __ethtool_get_link_ksettings+0x72/0x150 [ 2394.840862] duplex_show+0x6e/0xc0 [ 2394.841963] dev_attr_show+0x1c/0x40 [ 2394.8 43048] sysfs_kf_seq_show+0x9b/0x100 [ 2394.844123] seq_read+0x153/0x410 [ 2394.845187] vfs_read+ 0x91/0x140 [ 2394.846226] ksys_read+0x4f/0xb0 [ 2394.847234] do_syscall_64+0x5b/0x1a0 [ 2394.848228] entrada_SYSCALL_64_after_hwframe+0x65/0xca"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48885.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48885",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.037",
"lastModified": "2024-08-21T07:15:05.037",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix potential memory leak in ice_gnss_tty_write()\n\nThe ice_gnss_tty_write() return directly if the write_buf alloc failed,\nleaking the cmd_buf.\n\nFix by free cmd_buf if write_buf alloc failed."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: soluciona una posible p\u00e9rdida de memoria en ice_gnss_tty_write(). El ice_gnss_tty_write() regresa directamente si falla la asignaci\u00f3n write_buf, filtrando el cmd_buf. Corrija mediante cmd_buf gratuito si falla la asignaci\u00f3n de write_buf."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48886.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48886",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.090",
"lastModified": "2024-08-21T07:15:05.090",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add check for kzalloc\n\nAdd the check for the return value of kzalloc in order to avoid\nNULL pointer dereference.\nMoreover, use the goto-label to share the clean code."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Agregar verificaci\u00f3n para kzalloc Agregue la verificaci\u00f3n para el valor de retorno de kzalloc para evitar la desreferencia al puntero NULL. Adem\u00e1s, utilice la etiqueta goto para compartir el c\u00f3digo limpio."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48887.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48887",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.143",
"lastModified": "2024-08-21T07:15:05.143",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Remove rcu locks from user resources\n\nUser resource lookups used rcu to avoid two extra atomics. Unfortunately\nthe rcu paths were buggy and it was easy to make the driver crash by\nsubmitting command buffers from two different threads. Because the\nlookups never show up in performance profiles replace them with a\nregular spin lock which fixes the races in accesses to those shared\nresources.\n\nFixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and\nseen crashes with apps using shared resources."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/vmwgfx: elimina los bloqueos de rcu de los recursos del usuario. Las b\u00fasquedas de recursos del usuario utilizaron rcu para evitar dos \u00e1tomos adicionales. Desafortunadamente, las rutas de rcu ten\u00edan errores y era f\u00e1cil hacer que el controlador fallara al enviar b\u00faferes de comando desde dos subprocesos diferentes. Debido a que las b\u00fasquedas nunca aparecen en los perfiles de rendimiento, reempl\u00e1celas con un bloqueo de giro normal que corrige las ejecuci\u00f3ns en los accesos a esos recursos compartidos. Corrige los fallos del kernel en la prueba de esfuerzo vmwgfxexecution_b\u00fafer de IGT y los fallos observados en las aplicaciones que utilizan recursos compartidos."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48888.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48888",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.193",
"lastModified": "2024-08-21T07:15:05.193",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path\n\nof_icc_get() alloc resources for path1, we should release it when not\nneed anymore. Early return when IS_ERR_OR_NULL(path0) may leak path1.\nDefer getting path1 to fix this.\n\nPatchwork: https://patchwork.freedesktop.org/patch/514264/"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/msm/dpu: corrige la p\u00e9rdida de memoria en msm_mdss_parse_data_bus_icc_path of_icc_get() asigna recursos para la ruta1, debemos liberarlos cuando ya no los necesitemos. Retorno anticipado cuando IS_ERR_OR_NULL(ruta0) puede filtrar la ruta1. Posponga la obtenci\u00f3n de la ruta 1 para solucionar este problema. Remiendo: https://patchwork.freedesktop.org/patch/514264/"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48889.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48889",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.243",
"lastModified": "2024-08-21T07:15:05.243",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof-nau8825: fix module alias overflow\n\nThe maximum name length for a platform_device_id entry is 20 characters\nincluding the trailing NUL byte. The sof_nau8825.c file exceeds that,\nwhich causes an obscure error message:\n\nsound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: illegal character encoding in string literal [-Werror,-Winvalid-source-encoding]\nMODULE_ALIAS(\"platform:adl_max98373_nau8825<U+0018><AA>\");\n ^~~~\ninclude/linux/module.h:168:49: note: expanded from macro 'MODULE_ALIAS'\n ^~~~~~\ninclude/linux/module.h:165:56: note: expanded from macro 'MODULE_INFO'\n ^~~~\ninclude/linux/moduleparam.h:26:47: note: expanded from macro '__MODULE_INFO'\n = __MODULE_INFO_PREFIX __stringify(tag) \"=\" info\n\nI could not figure out how to make the module handling robust enough\nto handle this better, but as a quick fix, using slightly shorter\nnames that are still unique avoids the build issue."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: Intel: sof-nau8825: corrige el desbordamiento del alias del m\u00f3dulo La longitud m\u00e1xima del nombre para una entrada platform_device_id es de 20 caracteres, incluido el byte NUL final. El archivo sof_nau8825.c excede eso, lo que provoca un oscuro mensaje de error: sound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: codificaci\u00f3n de caracteres ilegal en cadena literal [-Werror,- Codificaci\u00f3n de fuente v\u00e1lida de Win] MODULE_ALIAS(\"plataforma:adl_max98373_nau8825\"); ^~~~ include/linux/module.h:168:49: nota: ampliado desde la macro 'MODULE_ALIAS' ^~~~~~ include/linux/module.h:165:56: nota: ampliado desde la macro 'MODULE_INFO' ^~~~ include/linux/moduleparam.h:26:47: nota: ampliado desde la macro '__MODULE_INFO' = __MODULE_INFO_PREFIX __stringify(tag) \"=\" info No pude entender c\u00f3mo hacer que el m\u00f3dulo sea lo suficientemente robusto para manejar esto mejor, pero como soluci\u00f3n r\u00e1pida, usar nombres ligeramente m\u00e1s cortos que sigan siendo \u00fanicos evita el problema de compilaci\u00f3n."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48890.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48890",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.303",
"lastModified": "2024-08-21T07:15:05.303",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM\n\nstorvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),\nwhich in a confidential VM allocates swiotlb bounce buffers. If the I/O\nsubmission fails in storvsc_do_io(), the I/O is typically retried by higher\nlevel code, but the bounce buffer memory is never freed. The mostly like\ncause of I/O submission failure is a full VMBus channel ring buffer, which\nis not uncommon under high I/O loads. Eventually enough bounce buffer\nmemory leaks that the confidential VM can't do any I/O. The same problem\ncan arise in a non-confidential VM with kernel boot parameter\nswiotlb=force.\n\nFix this by doing scsi_dma_unmap() in the case of an I/O submission\nerror, which frees the bounce buffer memory."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: storvsc: corrige la fuga del b\u00fafer de rebote swiotlb en una VM confidencial storvsc_queuecommand() asigna la lista de dispersi\u00f3n/recopilaci\u00f3n usando scsi_dma_map(), que en una VM confidencial asigna buffers de rebote swiotlb. Si el env\u00edo de E/S falla en storvsc_do_io(), la E/S normalmente se reintenta mediante c\u00f3digo de nivel superior, pero la memoria del b\u00fafer de rebote nunca se libera. La causa m\u00e1s com\u00fan de falla en el env\u00edo de E/S es un b\u00fafer de anillo de canal VMBus lleno, lo cual no es infrecuente bajo cargas de E/S elevadas. Con el tiempo, se pierden suficientes memorias del b\u00fafer de rebote como para que la m\u00e1quina virtual confidencial no pueda realizar ninguna E/S. El mismo problema puede surgir en una m\u00e1quina virtual no confidencial con el par\u00e1metro de arranque del kernel swiotlb=force. Solucione este problema haciendo scsi_dma_unmap() en el caso de un error de env\u00edo de E/S, lo que libera la memoria del b\u00fafer de rebote."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48891.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48891",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.360",
"lastModified": "2024-08-21T07:15:05.360",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9211: Use irq handler when ready\n\nIf the system does not come from reset (like when it is kexec()), the\nregulator might have an IRQ waiting for us.\n\nIf we enable the IRQ handler before its structures are ready, we crash.\n\nThis patch fixes:\n\n[ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078\n[ 1.316096] Call trace:\n[ 1.316101] blocking_notifier_call_chain+0x20/0xa8\n[ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests\n[ 1.327823] regulator_notifier_call_chain+0x1c/0x2c\n[ 1.327825] da9211_irq_handler+0x68/0xf8\n[ 1.327829] irq_thread+0x11c/0x234\n[ 1.327833] kthread+0x13c/0x154"
},
{
"lang": "es",
"value": "En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: regulator: da9211: Usar irq handler cuando est\u00e9 listo Si el sistema no viene del reset (como cuando es kexec()), es posible que el regulador tenga una IRQ esper\u00e1ndonos. Si habilitamos el controlador IRQ antes de que sus estructuras est\u00e9n listas, fallamos. Este parche corrige: [1.141839] No se puede manejar la lectura del kernel desde una memoria ilegible en la direcci\u00f3n virtual 0000000000000078 [1.316096] Rastreo de llamadas: [1.316101] blocking_notifier_call_chain+0x20/0xa8 [ 1.322757] cpu cpu0: suministros ficticios no permitidos para solicitudes exclusivas [ 1.327 823] regulador_notificador_call_chain +0x1c/0x2c [ 1.327825] da9211_irq_handler+0x68/0xf8 [ 1.327829] irq_thread+0x11c/0x234 [ 1.327833] kthread+0x13c/0x154"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48892.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48892",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.420",
"lastModified": "2024-08-21T07:15:05.420",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Fix use-after-free bug in dup_user_cpus_ptr()\n\nSince commit 07ec77a1d4e8 (\"sched: Allow task CPU affinity to be\nrestricted on asymmetric systems\"), the setting and clearing of\nuser_cpus_ptr are done under pi_lock for arm64 architecture. However,\ndup_user_cpus_ptr() accesses user_cpus_ptr without any lock\nprotection. Since sched_setaffinity() can be invoked from another\nprocess, the process being modified may be undergoing fork() at\nthe same time. When racing with the clearing of user_cpus_ptr in\n__set_cpus_allowed_ptr_locked(), it can lead to user-after-free and\npossibly double-free in arm64 kernel.\n\nCommit 8f9ea86fdf99 (\"sched: Always preserve the user requested\ncpumask\") fixes this problem as user_cpus_ptr, once set, will never\nbe cleared in a task's lifetime. However, this bug was re-introduced\nin commit 851a723e45d1 (\"sched: Always clear user_cpus_ptr in\ndo_set_cpus_allowed()\") which allows the clearing of user_cpus_ptr in\ndo_set_cpus_allowed(). This time, it will affect all arches.\n\nFix this bug by always clearing the user_cpus_ptr of the newly\ncloned/forked task before the copying process starts and check the\nuser_cpus_ptr state of the source task under pi_lock.\n\nNote to stable, this patch won't be applicable to stable releases.\nJust copy the new dup_user_cpus_ptr() function over."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched/core: corrige el error de use-after-free en dup_user_cpus_ptr() Desde el commit 07ec77a1d4e8 (\"sched: permitir que la afinidad de la CPU de la tarea se restrinja en sistemas asim\u00e9tricos\"), la configuraci\u00f3n y La limpieza de user_cpus_ptr se realiza en pi_lock para la arquitectura arm64. Sin embargo, dup_user_cpus_ptr() accede a user_cpus_ptr sin ninguna protecci\u00f3n de bloqueo. Dado que sched_setaffinity() puede invocarse desde otro proceso, el proceso que se est\u00e1 modificando puede estar pasando por fork() al mismo tiempo. Cuando se corre con la limpieza de user_cpus_ptr en __set_cpus_allowed_ptr_locked(), puede llevar a una liberaci\u00f3n posterior del usuario y posiblemente a una liberaci\u00f3n doble en el kernel arm64. El commit 8f9ea86fdf99 (\"programaci\u00f3n: conservar siempre la m\u00e1scara de CPU solicitada por el usuario\") soluciona este problema ya que user_cpus_ptr, una vez configurado, nunca se borrar\u00e1 durante la vida de una tarea. Sin embargo, este error se reintrodujo en el commit 851a723e45d1 (\"sched: borrar siempre user_cpus_ptr en do_set_cpus_allowed()\") que permite borrar user_cpus_ptr en do_set_cpus_allowed(). Esta vez afectar\u00e1 a todos los arcos. Corrija este error borrando siempre el user_cpus_ptr de la tarea reci\u00e9n clonada/bifurcada antes de que comience el proceso de copia y verifique el estado de user_cpus_ptr de la tarea fuente en pi_lock. Nota para las versiones estables: este parche no se aplicar\u00e1 a las versiones estables. Simplemente copie la nueva funci\u00f3n dup_user_cpus_ptr()."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48893.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48893",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.477",
"lastModified": "2024-08-21T07:15:05.477",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Cleanup partial engine discovery failures\n\nIf we abort driver initialisation in the middle of gt/engine discovery,\nsome engines will be fully setup and some not. Those incompletely setup\nengines only have 'engine->release == NULL' and so will leak any of the\ncommon objects allocated.\n\nv2:\n - Drop the destroy_pinned_context() helper for now. It's not really\n worth it with just a single callsite at the moment. (Janusz)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/gt: Limpieza de fallas parciales en el descubrimiento del motor Si abortamos la inicializaci\u00f3n del controlador en medio del descubrimiento de gt/engine, algunos motores estar\u00e1n completamente configurados y otros no. Esos motores configurados de forma incompleta solo tienen 'motor-&gt;liberaci\u00f3n == NULL' y, por lo tanto, filtrar\u00e1n cualquiera de los objetos comunes asignados. v2: - Suelta el ayudante destroy_pinned_context() por ahora. Realmente no vale la pena con un solo sitio de llamada en este momento. (Janusz)"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48894.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48894",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.527",
"lastModified": "2024-08-21T07:15:05.527",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3: Don't unregister on shutdown\n\nSimilar to SMMUv2, this driver calls iommu_device_unregister() from the\nshutdown path, which removes the IOMMU groups with no coordination\nwhatsoever with their users - shutdown methods are optional in device\ndrivers. This can lead to NULL pointer dereferences in those drivers'\nDMA API calls, or worse.\n\nInstead of calling the full arm_smmu_device_remove() from\narm_smmu_device_shutdown(), let's pick only the relevant function call -\narm_smmu_device_disable() - more or less the reverse of\narm_smmu_device_reset() - and call just that from the shutdown path."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/arm-smmu-v3: no cancelar el registro al apagar. Similar a SMMUv2, este controlador llama a iommu_device_unregister() desde la ruta de apagado, lo que elimina los grupos IOMMU sin coordinaci\u00f3n alguna. con sus usuarios: los m\u00e9todos de apagado son opcionales en los controladores de dispositivos. Esto puede provocar desreferencias de puntero NULL en las llamadas API DMA de esos controladores, o algo peor. En lugar de llamar al arm_smmu_device_remove() completo desde arm_smmu_device_shutdown(), seleccionemos solo la llamada a la funci\u00f3n relevante - arm_smmu_device_disable() - m\u00e1s o menos lo inverso de arm_smmu_device_reset() - y llamemos solo eso desde la ruta de apagado."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48895.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48895",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.580",
"lastModified": "2024-08-21T07:15:05.580",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Don't unregister on shutdown\n\nMichael Walle says he noticed the following stack trace while performing\na shutdown with \"reboot -f\". He suggests he got \"lucky\" and just hit the\ncorrect spot for the reboot while there was a packet transmission in\nflight.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000098\nCPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 6.1.0-rc5-00088-gf3600ff8e322 #1930\nHardware name: Kontron KBox A-230-LS (DT)\npc : iommu_get_dma_domain+0x14/0x20\nlr : iommu_dma_map_page+0x9c/0x254\nCall trace:\n iommu_get_dma_domain+0x14/0x20\n dma_map_page_attrs+0x1ec/0x250\n enetc_start_xmit+0x14c/0x10b0\n enetc_xmit+0x60/0xdc\n dev_hard_start_xmit+0xb8/0x210\n sch_direct_xmit+0x11c/0x420\n __dev_queue_xmit+0x354/0xb20\n ip6_finish_output2+0x280/0x5b0\n __ip6_finish_output+0x15c/0x270\n ip6_output+0x78/0x15c\n NF_HOOK.constprop.0+0x50/0xd0\n mld_sendpack+0x1bc/0x320\n mld_ifc_work+0x1d8/0x4dc\n process_one_work+0x1e8/0x460\n worker_thread+0x178/0x534\n kthread+0xe0/0xe4\n ret_from_fork+0x10/0x20\nCode: d503201f f9416800 d503233f d50323bf (f9404c00)\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt\n\nThis appears to be reproducible when the board has a fixed IP address,\nis ping flooded from another host, and \"reboot -f\" is used.\n\nThe following is one more manifestation of the issue:\n\n$ reboot -f\nkvm: exiting hardware virtualization\ncfg80211: failed to load regulatory.db\narm-smmu 5000000.iommu: disabling translation\nsdhci-esdhc 2140000.mmc: Removing from iommu group 11\nsdhci-esdhc 2150000.mmc: Removing from iommu group 12\nfsl-edma 22c0000.dma-controller: Removing from iommu group 17\ndwc3 3100000.usb: Removing from iommu group 9\ndwc3 3110000.usb: Removing from iommu group 10\nahci-qoriq 3200000.sata: Removing from iommu group 2\nfsl-qdma 8380000.dma-controller: Removing from iommu group 20\nplatform f080000.display: Removing from iommu group 0\netnaviv-gpu f0c0000.gpu: Removing from iommu group 1\netnaviv etnaviv: Removing from iommu group 1\ncaam_jr 8010000.jr: Removing from iommu group 13\ncaam_jr 8020000.jr: Removing from iommu group 14\ncaam_jr 8030000.jr: Removing from iommu group 15\ncaam_jr 8040000.jr: Removing from iommu group 16\nfsl_enetc 0000:00:00.0: Removing from iommu group 4\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with \"arm-smmu.disable_bypass=0\" to allow, but this may have security implications\narm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000\nfsl_enetc 0000:00:00.1: Removing from iommu group 5\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with \"arm-smmu.disable_bypass=0\" to allow, but this may have security implications\narm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with \"arm-smmu.disable_bypass=0\" to allow, but this may have security implications\narm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000\nfsl_enetc 0000:00:00.2: Removing from iommu group 6\nfsl_enetc_mdio 0000:00:00.3: Removing from iommu group 8\nmscc_felix 0000:00:00.5: Removing from iommu group 3\nfsl_enetc 0000:00:00.6: Removing from iommu group 7\npcieport 0001:00:00.0: Removing from iommu group 18\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with \"arm-smmu.disable_bypass=0\" to allow, but this may have security implications\narm-smmu 5000000.iommu: GFSR 0x00000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000\npcieport 0002:00:00.0: Removing from iommu group 19\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\npc : iommu_get_dma_domain+0x14/0x20\nlr : iommu_dma_unmap_page+0x38/0xe0\nCall trace:\n iommu_get_dma_domain+0x14/0x20\n dma_unmap_page_attrs+0x38/0x1d0\n en\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/arm-smmu: no cancelar el registro al apagar Michael Walle dice que not\u00f3 el siguiente seguimiento de pila mientras realizaba un apagado con \"reboot -f\". Sugiere que tuvo \"suerte\" y dio en el lugar correcto para el reinicio mientras hab\u00eda una transmisi\u00f3n de paquetes en vuelo. No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000098 CPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 6.1.0-rc5-00088-gf3600ff8e322 #1930 Nombre de hardware: Kontron KBox A-230-LS (DT) pc: iommu_get_dma_domain+0x14/0x20 lr: iommu_dma_map_page+0x9c/0x254 Rastreo de llamadas: iommu_get_dma_domain+0x14/0x20 dma_map_page_attrs+0x1ec/0x250 enetc_start_xmit+0x14c/0x10b0 enetc_xmit+0x 60/0xdc dev_hard_start_xmit+0xb8/0x210 sch_direct_xmit+0x11c/0x420 __dev_queue_xmit+0x354 /0xb20 ip6_finish_output2+0x280/0x5b0 __ip6_finish_output+0x15c/0x270 ip6_output+0x78/0x15c NF_HOOK.constprop.0+0x50/0xd0 mld_sendpack+0x1bc/0x320 mld_ifc_work+0x1d8/0x4d c proceso_one_work+0x1e8/0x460 trabajador_thread+0x178/0x534 kthread+0xe0/ 0xe4 ret_from_fork+0x10/0x20 C\u00f3digo: d503201f f9416800 d503233f d50323bf (f9404c00) ---[ end trace 00000000000000000 ]--- P\u00e1nico del kernel - no se sincroniza: Ups: excepci\u00f3n fatal en la interrupci\u00f3n Esto parece ser reproducible cuando la placa tiene una IP direcci\u00f3n, se inunda el ping desde otro host y se utiliza \"reboot -f\". La siguiente es una manifestaci\u00f3n m\u00e1s del problema: $ reboot -f kvm: saliendo de la virtualizaci\u00f3n de hardware cfg80211: no se pudo cargar regulator.db arm-smmu 5000000.iommu: deshabilitando la traducci\u00f3n sdhci-esdhc 2140000.mmc: eliminando del grupo iommu 11 sdhci- esdhc 2150000.mmc: Eliminaci\u00f3n del grupo iommu 12 fsl-edma 22c0000.dma-controller: Eliminaci\u00f3n del grupo iommu 17 dwc3 3100000.usb: Eliminaci\u00f3n del grupo iommu 9 dwc3 3110000.usb: Eliminaci\u00f3n del grupo iommu 10 ahci-qoriq 3200000.sata : Eliminaci\u00f3n de iommu grupo 2 fsl-qdma 8380000.dma-controller: Eliminaci\u00f3n de iommu grupo 20 plataforma f080000.display: Eliminaci\u00f3n de iommu grupo 0 etnaviv-gpu f0c0000.gpu: Eliminaci\u00f3n de iommu grupo 1 etnaviv etnaviv: Eliminaci\u00f3n de iommu grupo 1 caam_jr 8010000.jr: Eliminando del grupo iommu 13 caam_jr 8020000.jr: Eliminando del grupo iommu 14 caam_jr 8030000.jr: Eliminando del grupo iommu 15 caam_jr 8040000.jr: Eliminando del grupo iommu 16 fsl_enetc 0000:00:00.0: Eliminando de iommu grupo 4 arm-smmu 5000000.iommu: ID de transmisi\u00f3n desconocida bloqueada 0x429; arranque con \"arm-smmu.disable_bypass=0\" para permitir, pero esto puede tener implicaciones de seguridad arm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000 fsl_enetc 0000:00 :00.1: Eliminaci\u00f3n del grupo 5 de Iommu arm-smmu 5000000.iommu: ID de transmisi\u00f3n desconocida bloqueada 0x429; arranque con \"arm-smmu.disable_bypass=0\" para permitir, pero esto puede tener implicaciones de seguridad arm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000 arm-smmu 5000000. iommu: ID de transmisi\u00f3n desconocida bloqueada 0x429 ; arranque con \"arm-smmu.disable_bypass=0\" para permitir, pero esto puede tener implicaciones de seguridad arm-smmu 5000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000 fsl_enetc 0000:00 :00.2: Eliminaci\u00f3n del grupo 6 de Iommu fsl_enetc_mdio 0000:00:00.3: Eliminaci\u00f3n del grupo iommu 8 mscc_felix 0000:00:00.5: Eliminaci\u00f3n del grupo iommu 3 fsl_enetc 0000:00:00.6: Eliminaci\u00f3n del grupo iommu 7 pcieport 0001:00:00.0: Eliminaci\u00f3n del grupo iommu 1 8 brazos- smmu 5000000.iommu: ID de transmisi\u00f3n desconocida bloqueada 0x429; arranque con \"arm-smmu.disable_bypass=0\" para permitir, pero esto puede tener implicaciones de seguridad arm-smmu 5000000.iommu: GFSR 0x00000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000 pcieport 0002:00:00 .0: ---truncado---"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48896.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48896",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.640",
"lastModified": "2024-08-21T07:15:05.640",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix pci device refcount leak\n\nAs the comment of pci_get_domain_bus_and_slot() says, it\nreturns a PCI device with refcount incremented, when finish\nusing it, the caller must decrement the reference count by\ncalling pci_dev_put().\n\nIn ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(),\npci_dev_put() is called to avoid leak."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ixgbe: repara la fuga de recuento de dispositivos pci Como dice el comentario de pci_get_domain_bus_and_slot(), devuelve un dispositivo PCI con el recuento de referencia incrementado, cuando termine de usarlo, la persona que llama debe disminuir el recuento de referencias en llamando a pci_dev_put(). En ixgbe_get_first_secondary_devfn() y ixgbe_x550em_a_has_mii(), se llama a pci_dev_put() para evitar fugas."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48897.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48897",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.693",
"lastModified": "2024-08-21T07:15:05.693",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/mm: fix incorrect file_map_count for invalid pmd\n\nThe page table check trigger BUG_ON() unexpectedly when split hugepage:\n\n ------------[ cut here ]------------\n kernel BUG at mm/page_table_check.c:119!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n Dumping ftrace buffer:\n (ftrace buffer empty)\n Modules linked in:\n CPU: 7 PID: 210 Comm: transhuge-stres Not tainted 6.1.0-rc3+ #748\n Hardware name: linux,dummy-virt (DT)\n pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : page_table_check_set.isra.0+0x398/0x468\n lr : page_table_check_set.isra.0+0x1c0/0x468\n[...]\n Call trace:\n page_table_check_set.isra.0+0x398/0x468\n __page_table_check_pte_set+0x160/0x1c0\n __split_huge_pmd_locked+0x900/0x1648\n __split_huge_pmd+0x28c/0x3b8\n unmap_page_range+0x428/0x858\n unmap_single_vma+0xf4/0x1c8\n zap_page_range+0x2b0/0x410\n madvise_vma_behavior+0xc44/0xe78\n do_madvise+0x280/0x698\n __arm64_sys_madvise+0x90/0xe8\n invoke_syscall.constprop.0+0xdc/0x1d8\n do_el0_svc+0xf4/0x3f8\n el0_svc+0x58/0x120\n el0t_64_sync_handler+0xb8/0xc0\n el0t_64_sync+0x19c/0x1a0\n[...]\n\nOn arm64, pmd_leaf() will return true even if the pmd is invalid due to\npmd_present_invalid() check. So in pmdp_invalidate() the file_map_count\nwill not only decrease once but also increase once. Then in set_pte_at(),\nthe file_map_count increase again, and so trigger BUG_ON() unexpectedly.\n\nAdd !pmd_present_invalid() check in pmd_user_accessible_page() to fix the\nproblem."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: arm64/mm: corrige file_map_count incorrecto para pmd no v\u00e1lido. La verificaci\u00f3n de la tabla de p\u00e1ginas activa BUG_ON() inesperadamente cuando se divide una p\u00e1gina enorme: ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en mm/page_table_check.c:119! Error interno: Ups - ERROR: 00000000f2000800 [#1] SMP Dumping ftrace buffer: (ftrace buffer vac\u00edo) M\u00f3dulos vinculados en: CPU: 7 PID: 210 Comm: transhuge-stres No contaminado 6.1.0-rc3+ #748 Nombre de hardware: linux ,dummy-virt (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc: page_table_check_set.isra.0+0x398/0x468 lr: page_table_check_set.isra.0+0x1c0/0x468 [...] Rastreo de llamadas: page_table_check_set.isra.0+0x398/0x468 __page_table_check_pte_set+0x160/0x1c0 __split_huge_pmd_locked+0x900/0x1648 __split_huge_pmd+0x28c/0x3b8 unmap_page_range+0x428/0x858 single_vma+0xf4/0x1c8 zap_page_range+0x2b0/0x410 madvise_vma_behavior+0xc44 /0xe78 do_madvise+0x280/0x698 __arm64_sys_madvise+0x90/0xe8 invoke_syscall.constprop.0+0xdc/0x1d8 do_el0_svc+0xf4/0x3f8 el0_svc+0x58/0x120 el0t_64_sync_handler+0x b8/0xc0 el0t_64_sync+0x19c/0x1a0 [...] En arm64, pmd_leaf () devolver\u00e1 verdadero incluso si el pmd no es v\u00e1lido debido a la verificaci\u00f3n pmd_present_invalid(). Entonces, en pmdp_invalidate() file_map_count no solo disminuir\u00e1 una vez sino que tambi\u00e9n aumentar\u00e1 una vez. Luego, en set_pte_at(), file_map_count aumenta nuevamente y, por lo tanto, activa BUG_ON() inesperadamente. Agregue !pmd_present_invalid() check in pmd_user_accessible_page() para solucionar el problema."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48898.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48898",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.750",
"lastModified": "2024-08-21T07:15:05.750",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer\n\nThere are 3 possible interrupt sources are handled by DP controller,\nHPDstatus, Controller state changes and Aux read/write transaction.\nAt every irq, DP controller have to check isr status of every interrupt\nsources and service the interrupt if its isr status bits shows interrupts\nare pending. There is potential race condition may happen at current aux\nisr handler implementation since it is always complete dp_aux_cmd_fifo_tx()\neven irq is not for aux read or write transaction. This may cause aux read\ntransaction return premature if host aux data read is in the middle of\nwaiting for sink to complete transferring data to host while irq happen.\nThis will cause host's receiving buffer contains unexpected data. This\npatch fixes this problem by checking aux isr and return immediately at\naux isr handler if there are no any isr status bits set.\n\nCurrent there is a bug report regrading eDP edid corruption happen during\nsystem booting up. After lengthy debugging to found that VIDEO_READY\ninterrupt was continuously firing during system booting up which cause\ndp_aux_isr() to complete dp_aux_cmd_fifo_tx() prematurely to retrieve data\nfrom aux hardware buffer which is not yet contains complete data transfer\nfrom sink. This cause edid corruption.\n\nFollows are the signature at kernel logs when problem happen,\nEDID has corrupt header\npanel-simple-dp-aux aux-aea0000.edp: Couldn't identify panel via EDID\n\nChanges in v2:\n-- do complete if (ret == IRQ_HANDLED) ay dp-aux_isr()\n-- add more commit text\n\nChanges in v3:\n-- add Stephen suggested\n-- dp_aux_isr() return IRQ_XXX back to caller\n-- dp_ctrl_isr() return IRQ_XXX back to caller\n\nChanges in v4:\n-- split into two patches\n\nChanges in v5:\n-- delete empty line between tags\n\nChanges in v6:\n-- remove extra \"that\" and fixed line more than 75 char at commit text\n\nPatchwork: https://patchwork.freedesktop.org/patch/516121/"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/dp: no complete dp_aux_cmd_fifo_tx() si irq no es para transferencia auxiliar. Hay 3 posibles fuentes de interrupci\u00f3n que son manejadas por el controlador DP, HPDstatus, los cambios de estado del controlador y Aux. transacci\u00f3n de lectura/escritura. En cada irq, el controlador DP debe verificar el estado isr de cada fuente de interrupci\u00f3n y atender la interrupci\u00f3n si sus bits de estado isr muestran que hay interrupciones pendientes. Existe una posible condici\u00f3n de ejecuci\u00f3n que puede ocurrir en la implementaci\u00f3n actual del controlador aux isr, ya que siempre est\u00e1 completo dp_aux_cmd_fifo_tx(), incluso irq no es para transacciones de lectura o escritura auxiliar. Esto puede causar que la transacci\u00f3n de lectura auxiliar regrese prematuramente si la lectura de datos auxiliares del host est\u00e1 en medio de la espera de que el receptor complete la transferencia de datos al host mientras ocurre la irq. Esto har\u00e1 que el b\u00fafer de recepci\u00f3n del host contenga datos inesperados. Este parche soluciona este problema verificando aux isr y regresa inmediatamente al controlador aux isr si no hay ning\u00fan bit de estado isr establecido. Actualmente hay un informe de error que indica que la corrupci\u00f3n de eDP edid ocurre durante el inicio del sistema. Despu\u00e9s de una larga depuraci\u00f3n, descubr\u00ed que la interrupci\u00f3n VIDEO_READY se activaba continuamente durante el inicio del sistema, lo que provocaba que dp_aux_isr() completara dp_aux_cmd_fifo_tx() prematuramente para recuperar datos del b\u00fafer de hardware auxiliar que a\u00fan no contiene la transferencia completa de datos desde el receptor. Esto provoc\u00f3 corrupci\u00f3n. A continuaci\u00f3n se muestra la firma en los registros del kernel cuando ocurre un problema, EDID tiene el panel de encabezado corrupto-simple-dp-aux aux-aea0000.edp: No se pudo identificar el panel a trav\u00e9s de EDID Cambios en v2: - complete si (ret == IRQ_HANDLED) ay dp-aux_isr() - agregar m\u00e1s texto de confirmaci\u00f3n Cambios en v3: - agregar Stephen sugerido - dp_aux_isr() devolver IRQ_XXX a la persona que llama - dp_ctrl_isr() devolver IRQ_XXX a la persona que llama Cambios en v4: - dividir en dos parches Cambios en v5: - eliminar l\u00ednea vac\u00eda entre etiquetas Cambios en v6: - eliminar \"eso\" adicional y l\u00ednea fija de m\u00e1s de 75 caracteres en el texto de confirmaci\u00f3n Patchwork: https://patchwork.freedesktop.org/patch/516121/"
}
],
"metrics": {},

8
CVE-2022/CVE-2022-488xx/CVE-2022-48899.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48899",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.810",
"lastModified": "2024-08-21T07:15:05.810",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Fix GEM handle creation UAF\n\nUserspace can guess the handle value and try to race GEM object creation\nwith handle close, resulting in a use-after-free if we dereference the\nobject after dropping the handle's reference. For that reason, dropping\nthe handle's reference must be done *after* we are done dereferencing\nthe object."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/virtio: corrige la creaci\u00f3n del identificador GEM. El espacio de usuario UAF puede adivinar el valor del identificador e intentar acelerar la creaci\u00f3n de objetos GEM con el cierre del identificador, lo que resulta en un use-after-free si desreferenciamos el objeto despu\u00e9s de soltar la referencia del identificador. Por esa raz\u00f3n, la eliminaci\u00f3n de la referencia del identificador debe realizarse *despu\u00e9s* de que hayamos terminado de desreferenciar el objeto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-225xx/CVE-2023-22576.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-22576",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-21T10:15:04.173",
"lastModified": "2024-08-21T10:15:04.173",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service."
},
{
"lang": "es",
"value": "Dell Repository Manager versi\u00f3n 3.4.2 y anteriores contienen una vulnerabilidad de escalada de privilegios locales en el m\u00f3dulo de instalaci\u00f3n. Un atacante local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad y ejecutar un ejecutable arbitrario en el sistema operativo con privilegios elevados utilizando la vulnerabilidad existente en el sistema operativo. La explotaci\u00f3n puede provocar la falta de disponibilidad del servicio."
}
],
"metrics": {

8
CVE-2023/CVE-2023-491xx/CVE-2023-49198.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-49198",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-21T10:15:04.903",
"lastModified": "2024-08-21T10:15:04.903",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mysql security vulnerability in Apache SeaTunnel.\n\nAttackers can read files on the MySQL server by modifying the information in the MySQL URL\n\n allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version [1.0.1], which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de seguridad de MySQL en Apache SeaTunnel. Los atacantes pueden leer archivos en el servidor MySQL modificando la informaci\u00f3n en la URL de MySQL allowLoadLocalInfile=true&amp;allowUrlInLocalInfile=true&amp;allowLoadLocalInfileInPath=/&amp;maxAllowedPacket=655360 Este problema afecta a Apache SeaTunnel: 1.0.0. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.0.1], que soluciona el problema."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-528xx/CVE-2023-52893.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52893",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.880",
"lastModified": "2024-08-21T07:15:05.880",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngsmi: fix null-deref in gsmi_get_variable\n\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\n\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gsmi: corrige null-deref en gsmi_get_variable Podemos obtener variables EFI sin recuperar el atributo, por lo que debemos permitir eso en gsmi. commit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore access Layer\") agreg\u00f3 una nueva llamada get_variable con attr=NULL, lo que desencadena p\u00e1nico en gsmi."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-528xx/CVE-2023-52894.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52894",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:05.943",
"lastModified": "2024-08-21T07:15:05.943",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()\n\nIn Google internal bug 265639009 we've received an (as yet) unreproducible\ncrash report from an aarch64 GKI 5.10.149-android13 running device.\n\nAFAICT the source code is at:\n https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10\n\nThe call stack is:\n ncm_close() -> ncm_notify() -> ncm_do_notify()\nwith the crash at:\n ncm_do_notify+0x98/0x270\nCode: 79000d0b b9000a6c f940012a f9400269 (b9405d4b)\n\nWhich I believe disassembles to (I don't know ARM assembly, but it looks sane enough to me...):\n\n // halfword (16-bit) store presumably to event->wLength (at offset 6 of struct usb_cdc_notification)\n 0B 0D 00 79 strh w11, [x8, #6]\n\n // word (32-bit) store presumably to req->Length (at offset 8 of struct usb_request)\n 6C 0A 00 B9 str w12, [x19, #8]\n\n // x10 (NULL) was read here from offset 0 of valid pointer x9\n // IMHO we're reading 'cdev->gadget' and getting NULL\n // gadget is indeed at offset 0 of struct usb_composite_dev\n 2A 01 40 F9 ldr x10, [x9]\n\n // loading req->buf pointer, which is at offset 0 of struct usb_request\n 69 02 40 F9 ldr x9, [x19]\n\n // x10 is null, crash, appears to be attempt to read cdev->gadget->max_speed\n 4B 5D 40 B9 ldr w11, [x10, #0x5c]\n\nwhich seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment:\n\n event->wLength = cpu_to_le16(8);\n req->length = NCM_STATUS_BYTECOUNT;\n\n /* SPEED_CHANGE data is up/down speeds in bits/sec */\n data = req->buf + sizeof *event;\n data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));\n\nMy analysis of registers and NULL ptr deref crash offset\n (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c)\nheavily suggests that the crash is due to 'cdev->gadget' being NULL when executing:\n data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));\nwhich calls:\n ncm_bitrate(NULL)\nwhich then calls:\n gadget_is_superspeed(NULL)\nwhich reads\n ((struct usb_gadget *)NULL)->max_speed\nand hits a panic.\n\nAFAICT, if I'm counting right, the offset of max_speed is indeed 0x5C.\n(remember there's a GKI KABI reservation of 16 bytes in struct work_struct)\n\nIt's not at all clear to me how this is all supposed to work...\nbut returning 0 seems much better than panic-ing..."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: f_ncm: corrige potencial NULL ptr deref en ncm_bitrate() En el error interno de Google 265639009 hemos recibido un informe de fallo (hasta ahora) irreproducible de un aarch64 GKI 5.10. Dispositivo en ejecuci\u00f3n 149-android13. AFAICT, el c\u00f3digo fuente est\u00e1 en: https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10 La pila de llamadas es: ncm_close() -&gt; ncm_notify() - &gt; ncm_do_notify() con el bloqueo en: ncm_do_notify+0x98/0x270 C\u00f3digo: 79000d0b b9000a6c f940012a f9400269 (b9405d4b) El cual creo que se desmonta (no conozco el ensamblaje de ARM, pero me parece bastante sensato...): / / almac\u00e9n de media palabra (16 bits) presumiblemente en evento-&gt;wLength (en el desplazamiento 6 de la estructura usb_cdc_notification) 0B 0D 00 79 strh w11, [x8, #6] // almac\u00e9n de palabra (32 bits) presumiblemente en req-&gt;Longitud (en el desplazamiento 8 de la estructura usb_request) 6C 0A 00 B9 str w12, [x19, #8] // aqu\u00ed se ley\u00f3 x10 (NULL) desde el desplazamiento 0 del puntero v\u00e1lido x9 // En mi humilde opini\u00f3n, estamos leyendo 'cdev-&gt;gadget' y obtener NULL // el gadget est\u00e1 de hecho en el desplazamiento 0 de la estructura usb_composite_dev 2A 01 40 F9 ldr x10, [x9] // cargando el puntero req-&gt;buf, que est\u00e1 en el desplazamiento 0 de la estructura usb_request 69 02 40 F9 ldr x9, [x19 ] // x10 es nulo, falla, parece ser un intento de leer cdev-&gt;gadget-&gt;max_speed 4B 5D 40 B9 ldr w11, [x10, #0x5c] que parece alinearse con ncm_do_notify() caso NCM_NOTIFY_SPEED fragmento de c\u00f3digo: evento -&gt;wLongitud = cpu_to_le16(8); solicitud-&gt;longitud = NCM_STATUS_BYTECOUNT; /* Los datos SPEED_CHANGE son velocidades de subida/bajada en bits/seg. */ data = req-&gt;buf + sizeof *event; datos[0] = cpu_to_le32(ncm_bitrate(cdev-&gt;gadget)); Mi an\u00e1lisis de los registros y la compensaci\u00f3n de fallas de NULL ptr deref (no se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 000000000000005c) sugiere en gran medida que la falla se debe a que 'cdev-&gt;gadget' es NULL al ejecutar: datos[0] = cpu_to_le32(ncm_bitrate (cdev-&gt;gadget)); que llama: ncm_bitrate(NULL) que luego llama: gadget_is_superspeed(NULL) que lee ((struct usb_gadget *)NULL)-&gt;max_speed y entra en p\u00e1nico. AFAICT, si estoy contando bien, el desplazamiento de max_speed es de hecho 0x5C. (recuerde que hay una reserva GKI KABI de 16 bytes en la estructura work_struct) No me queda del todo claro c\u00f3mo se supone que funciona todo esto... pero devolver 0 parece mucho mejor que entrar en p\u00e1nico..."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-528xx/CVE-2023-52895.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52895",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.007",
"lastModified": "2024-08-21T07:15:06.007",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: don't reissue in case of poll race on multishot request\n\nA previous commit fixed a poll race that can occur, but it's only\napplicable for multishot requests. For a multishot request, we can safely\nignore a spurious wakeup, as we never leave the waitqueue to begin with.\n\nA blunt reissue of a multishot armed request can cause us to leak a\nbuffer, if they are ring provided. While this seems like a bug in itself,\nit's not really defined behavior to reissue a multishot request directly.\nIt's less efficient to do so as well, and not required to rearm anything\nlike it is for singleshot poll requests."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: io_uring/poll: no volver a emitir en caso de ejecuci\u00f3n de sondeo en solicitud de m\u00faltiples disparos. Una confirmaci\u00f3n anterior solucion\u00f3 una ejecuci\u00f3n de sondeo que puede ocurrir, pero solo se aplica a solicitudes de m\u00faltiples disparos. Para una solicitud de disparo m\u00faltiple, podemos ignorar con seguridad una activaci\u00f3n espuria, ya que, para empezar, nunca salimos de la cola de espera. Una reemisi\u00f3n contundente de una solicitud de armado de m\u00faltiples disparos puede hacer que perdamos un b\u00fafer, si se proporciona en anillo. Si bien esto parece un error en s\u00ed mismo, en realidad no es un comportamiento definido volver a emitir una solicitud multidisparo directamente. Tambi\u00e9n es menos eficiente hacerlo y no es necesario rearmar nada como lo es para solicitudes de sondeo de un solo disparo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-528xx/CVE-2023-52896.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52896",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.060",
"lastModified": "2024-08-21T07:15:06.060",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between quota rescan and disable leading to NULL pointer deref\n\nIf we have one task trying to start the quota rescan worker while another\none is trying to disable quotas, we can end up hitting a race that results\nin the quota rescan worker doing a NULL pointer dereference. The steps for\nthis are the following:\n\n1) Quotas are enabled;\n\n2) Task A calls the quota rescan ioctl and enters btrfs_qgroup_rescan().\n It calls qgroup_rescan_init() which returns 0 (success) and then joins a\n transaction and commits it;\n\n3) Task B calls the quota disable ioctl and enters btrfs_quota_disable().\n It clears the bit BTRFS_FS_QUOTA_ENABLED from fs_info->flags and calls\n btrfs_qgroup_wait_for_completion(), which returns immediately since the\n rescan worker is not yet running.\n Then it starts a transaction and locks fs_info->qgroup_ioctl_lock;\n\n4) Task A queues the rescan worker, by calling btrfs_queue_work();\n\n5) The rescan worker starts, and calls rescan_should_stop() at the start\n of its while loop, which results in 0 iterations of the loop, since\n the flag BTRFS_FS_QUOTA_ENABLED was cleared from fs_info->flags by\n task B at step 3);\n\n6) Task B sets fs_info->quota_root to NULL;\n\n7) The rescan worker tries to start a transaction and uses\n fs_info->quota_root as the root argument for btrfs_start_transaction().\n This results in a NULL pointer dereference down the call chain of\n btrfs_start_transaction(). The stack trace is something like the one\n reported in Link tag below:\n\n general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]\n CPU: 1 PID: 34 Comm: kworker/u4:2 Not tainted 6.1.0-syzkaller-13872-gb6bb9676f216 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Workqueue: btrfs-qgroup-rescan btrfs_work_helper\n RIP: 0010:start_transaction+0x48/0x10f0 fs/btrfs/transaction.c:564\n Code: 48 89 fb 48 (...)\n RSP: 0018:ffffc90000ab7ab0 EFLAGS: 00010206\n RAX: 0000000000000041 RBX: 0000000000000208 RCX: ffff88801779ba80\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\n RBP: dffffc0000000000 R08: 0000000000000001 R09: fffff52000156f5d\n R10: fffff52000156f5d R11: 1ffff92000156f5c R12: 0000000000000000\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2bea75b718 CR3: 000000001d0cc000 CR4: 00000000003506e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n btrfs_qgroup_rescan_worker+0x3bb/0x6a0 fs/btrfs/qgroup.c:3402\n btrfs_work_helper+0x312/0x850 fs/btrfs/async-thread.c:280\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n </TASK>\n Modules linked in:\n\nSo fix this by having the rescan worker function not attempt to start a\ntransaction if it didn't do any rescan work."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige la ejecuci\u00f3n entre el rescaneo de cuotas y la deshabilitaci\u00f3n que conduce a un puntero NULL deref. Si tenemos una tarea que intenta iniciar el trabajador de rescaneo de cuotas mientras otra intenta deshabilitar las cuotas, podemos finalizar hasta llegar a una ejecuci\u00f3n que resulta en que el trabajador de rescaneo de cuotas realice una desreferencia del puntero NULL. Los pasos para esto son los siguientes: 1) Se habilitan las cuotas; 2) La tarea A llama al ioctl de rescaneo de cuotas e ingresa btrfs_qgroup_rescan(). Llama a qgroup_rescan_init() que devuelve 0 (\u00e9xito) y luego se une a una transacci\u00f3n y la confirma; 3) La tarea B llama a ioctl de desactivaci\u00f3n de cuota e ingresa btrfs_quota_disable(). Borra el bit BTRFS_FS_QUOTA_ENABLED de fs_info-&gt;flags y llama a btrfs_qgroup_wait_for_completion(), que regresa inmediatamente ya que el trabajador de rescaneo a\u00fan no se est\u00e1 ejecutando. Luego inicia una transacci\u00f3n y bloquea fs_info-&gt;qgroup_ioctl_lock; 4) La tarea A pone en cola al trabajador que vuelve a escanear, llamando a btrfs_queue_work(); 5) El trabajador de rescaneo inicia y llama a rescan_should_stop() al inicio de su ciclo while, lo que resulta en 0 iteraciones del ciclo, ya que la bandera BTRFS_FS_QUOTA_ENABLED fue borrada de fs_info-&gt;flags por la tarea B en el paso 3); 6) La tarea B establece fs_info-&gt;quota_root en NULL; 7) El trabajador de rescaneo intenta iniciar una transacci\u00f3n y usa fs_info-&gt;quota_root como argumento ra\u00edz para btrfs_start_transaction(). Esto da como resultado una desreferencia del puntero NULL en la cadena de llamadas de btrfs_start_transaction(). El seguimiento de la pila es similar al que se informa en la etiqueta de enlace a continuaci\u00f3n: falla de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000041: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000208-0x0000000000000020f] CPU: 1 PID: 34 Comm: kworker/u4:2 No contaminado 6.1.0-syzkaller-13872-gb6bb9676f216 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 Cola de trabajo: btrfs-qgroup-rescan btrfs_work_helper RIP: 0010:start_transaction+0x48/0x10f0 fs/btrfs/transaction.c:564 C\u00f3digo: 48 89 fb 48 (...) RSP: 0018:ffffc90000ab7ab0 EFLAGS: 00010206 RAX: 0000000000000041 X: 0000000000000208 RCX: ffff88801779ba80 RDX: 00000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: dffffc0000000000 R08: 0000000000000001 R09: fffff52000156f5d R10: fffff52000156f5d R11: 2000156f5c R12: 0000000000000000 R13: 0000000000000001 R14: 0000000000000001 R15: 00000000000000003 FS: 0000000000000000(0000) 8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2bea75b718 CR3: 000000001d0cc000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 00000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: / btrfs/qgroup.c:3402 btrfs_work_helper+0x312/0x850 fs/btrfs/async-thread.c:280 Process_one_work+0x877/0xdb0 kernel/workqueue.c:2289 trabajador_thread+0xb14/0x1330 kernel/workqueue.c:2436 kthread+0x266 /0x300 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 M\u00f3dulos vinculados en: Solucione este problema haciendo que la funci\u00f3n de trabajo de rescaneo no intente iniciar una transacci\u00f3n si No hice ning\u00fan trabajo de reexploraci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-528xx/CVE-2023-52897.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52897",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.120",
"lastModified": "2024-08-21T07:15:06.120",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: do not warn on record without old_roots populated\n\n[BUG]\nThere are some reports from the mailing list that since v6.1 kernel, the\nWARN_ON() inside btrfs_qgroup_account_extent() gets triggered during\nrescan:\n\n WARNING: CPU: 3 PID: 6424 at fs/btrfs/qgroup.c:2756 btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs]\n CPU: 3 PID: 6424 Comm: snapperd Tainted: P OE 6.1.2-1-default #1 openSUSE Tumbleweed 05c7a1b1b61d5627475528f71f50444637b5aad7\n RIP: 0010:btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs]\n Call Trace:\n <TASK>\n btrfs_commit_transaction+0x30c/0xb40 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n ? start_transaction+0xc3/0x5b0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n btrfs_qgroup_rescan+0x42/0xc0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n btrfs_ioctl+0x1ab9/0x25c0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]\n ? __rseq_handle_notify_resume+0xa9/0x4a0\n ? mntput_no_expire+0x4a/0x240\n ? __seccomp_filter+0x319/0x4d0\n __x64_sys_ioctl+0x90/0xd0\n do_syscall_64+0x5b/0x80\n ? syscall_exit_to_user_mode+0x17/0x40\n ? do_syscall_64+0x67/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7fd9b790d9bf\n </TASK>\n\n[CAUSE]\nSince commit e15e9f43c7ca (\"btrfs: introduce\nBTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING to skip qgroup accounting\"), if\nour qgroup is already in inconsistent state, we will no longer do the\ntime-consuming backref walk.\n\nThis can leave some qgroup records without a valid old_roots ulist.\nNormally this is fine, as btrfs_qgroup_account_extents() would also skip\nthose records if we have NO_ACCOUNTING flag set.\n\nBut there is a small window, if we have NO_ACCOUNTING flag set, and\ninserted some qgroup_record without a old_roots ulist, but then the user\ntriggered a qgroup rescan.\n\nDuring btrfs_qgroup_rescan(), we firstly clear NO_ACCOUNTING flag, then\ncommit current transaction.\n\nAnd since we have a qgroup_record with old_roots = NULL, we trigger the\nWARN_ON() during btrfs_qgroup_account_extents().\n\n[FIX]\nUnfortunately due to the introduction of NO_ACCOUNTING flag, the\nassumption that every qgroup_record would have its old_roots populated\nis no longer correct.\n\nFix the false alerts and drop the WARN_ON()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: btrfs: qgroup: no advertir en el registro sin old_roots poblado [ERROR] Hay algunos informes de la lista de correo que desde el kernel v6.1, WARN_ON() dentro de btrfs_qgroup_account_extent() se activa durante la nueva exploraci\u00f3n: ADVERTENCIA: CPU: 3 PID: 6424 en fs/btrfs/qgroup.c:2756 btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs] CPU: 3 PID: 6424 Comm: snapperd Contaminado: P OE 6.1.2-1- predeterminado #1 openSUSE Tumbleweed 05c7a1b1b61d5627475528f71f50444637b5aad7 RIP: 0010:btrfs_qgroup_account_extents+0x1ae/0x260 [btrfs] Seguimiento de llamadas: btrfs_commit_transaction+0x30c/0xb40 c39c9c546c241c593f03bd6d5f39ea1b676250f6] ? start_transaction+0xc3/0x5b0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6] btrfs_qgroup_rescan+0x42/0xc0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f 6]btrfs_ioctl+0x1ab9/0x25c0 [btrfs c39c9c546c241c593f03bd6d5f39ea1b676250f6]? __rseq_handle_notify_resume+0xa9/0x4a0 ? mntput_no_expire+0x4a/0x240? __seccomp_filter+0x319/0x4d0 __x64_sys_ioctl+0x90/0xd0 do_syscall_64+0x5b/0x80 ? syscall_exit_to_user_mode+0x17/0x40? do_syscall_64+0x67/0x80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd9b790d9bf [CAUSA] Desde el commit e15e9f43c7ca (\"btrfs: introduzca BTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING para omitir la contabilidad de qgroup\"), si qgroup ya est\u00e1 en estado inconsistente, no lo haremos Ya no hagas la larga caminata hacia atr\u00e1s. Esto puede dejar algunos registros de qgroup sin una lista old_roots v\u00e1lida. Normalmente, esto est\u00e1 bien, ya que btrfs_qgroup_account_extents() tambi\u00e9n omitir\u00eda esos registros si tenemos configurado el indicador NO_ACCOUNTING. Pero hay una peque\u00f1a ventana, si tenemos el indicador NO_ACCOUNTING configurado e insertamos alg\u00fan qgroup_record sin una lista old_roots, pero luego el usuario activ\u00f3 una nueva exploraci\u00f3n de qgroup. Durante btrfs_qgroup_rescan(), primero borramos el indicador NO_ACCOUNTING y luego confirmamos la transacci\u00f3n actual. Y como tenemos un qgroup_record con old_roots = NULL, activamos WARN_ON() durante btrfs_qgroup_account_extents(). [FIX] Desafortunadamente, debido a la introducci\u00f3n del indicador NO_ACCOUNTING, la suposici\u00f3n de que cada qgroup_record tendr\u00eda sus old_roots completadas ya no es correcta. Corrija las alertas falsas y elimine WARN_ON()."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-528xx/CVE-2023-52898.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52898",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.180",
"lastModified": "2024-08-21T07:15:06.180",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference when host dies\n\nMake sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race\nand cause null pointer dereference when host suddenly dies.\n\nUsb core may call xhci_free_dev() which frees the xhci->devs[slot_id]\nvirt device at the same time that xhci_kill_endpoint_urbs() tries to\nloop through all the device's endpoints, checking if there are any\ncancelled urbs left to give back.\n\nhold the xhci spinlock while freeing the virt device"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xhci: corrige la desreferencia del puntero nulo cuando el host muere. Aseg\u00farese de que xhci_free_dev() y xhci_kill_endpoint_urbs() no corran y provoquen una desreferencia del puntero nulo cuando el host muere repentinamente. El n\u00facleo USB puede llamar a xhci_free_dev(), lo que libera el dispositivo virt xhci-&gt;devs[slot_id] al mismo tiempo que xhci_kill_endpoint_urbs() intenta recorrer todos los endpoints del dispositivo, verificando si quedan urbs canceladas para devolver. mantenga presionado el xhci spinlock mientras libera el dispositivo virt"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-528xx/CVE-2023-52899.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52899",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.237",
"lastModified": "2024-08-21T07:15:06.237",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nAdd exception protection processing for vd in axi_chan_handle_err function\n\nSince there is no protection for vd, a kernel panic will be\ntriggered here in exceptional cases.\n\nYou can refer to the processing of axi_chan_block_xfer_complete function\n\nThe triggered kernel panic is as follows:\n\n[ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n[ 67.848447] Mem abort info:\n[ 67.848449] ESR = 0x96000004\n[ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 67.848454] SET = 0, FnV = 0\n[ 67.848456] EA = 0, S1PTW = 0\n[ 67.848458] Data abort info:\n[ 67.848460] ISV = 0, ISS = 0x00000004\n[ 67.848462] CM = 0, WnR = 0\n[ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000\n[ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000\n[ 67.848472] Internal error: Oops: 96000004 [#1] SMP\n[ 67.848475] Modules linked in: dmatest\n[ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11\n[ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--)\n[ 67.848487] pc : axi_chan_handle_err+0xc4/0x230\n[ 67.848491] lr : axi_chan_handle_err+0x30/0x230\n[ 67.848493] sp : ffff0803fe55ae50\n[ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200\n[ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080\n[ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850\n[ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000\n[ 67.848512] x21: 0000000000000080 x20: 0000000000002000\n[ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000\n[ 67.848521] x17: 0000000000000000 x16: 0000000000000000\n[ 67.848525] x15: 0000000000000000 x14: 0000000000000000\n[ 67.848529] x13: 0000000000000000 x12: 0000000000000040\n[ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a\n[ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270\n[ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0\n[ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480\n[ 67.848550] x3 : dead000000000100 x2 : dead000000000122\n[ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168\n[ 67.848559] Call trace:\n[ 67.848562] axi_chan_handle_err+0xc4/0x230\n[ 67.848566] dw_axi_dma_interrupt+0xf4/0x590\n[ 67.848569] __handle_irq_event_percpu+0x60/0x220\n[ 67.848573] handle_irq_event+0x64/0x120\n[ 67.848576] handle_fasteoi_irq+0xc4/0x220\n[ 67.848580] __handle_domain_irq+0x80/0xe0\n[ 67.848583] gic_handle_irq+0xc0/0x138\n[ 67.848585] el1_irq+0xc8/0x180\n[ 67.848588] arch_cpu_idle+0x14/0x2c\n[ 67.848591] default_idle_call+0x40/0x16c\n[ 67.848594] do_idle+0x1f0/0x250\n[ 67.848597] cpu_startup_entry+0x2c/0x60\n[ 67.848600] rest_init+0xc0/0xcc\n[ 67.848603] arch_call_rest_init+0x14/0x1c\n[ 67.848606] start_kernel+0x4cc/0x500\n[ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1)\n[ 67.848613] ---[ end trace 585a97036f88203a ]---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Agregar procesamiento de protecci\u00f3n de excepci\u00f3n para vd en la funci\u00f3n axi_chan_handle_err Dado que no hay protecci\u00f3n para vd, aqu\u00ed se activar\u00e1 un p\u00e1nico del kernel en casos excepcionales. Puede consultar el procesamiento de la funci\u00f3n axi_chan_block_xfer_complete. El p\u00e1nico del kernel desencadenado es el siguiente: [67.848444] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000060 [67.848447] Informaci\u00f3n de cancelaci\u00f3n de memoria: [67.848449] ESR = 0x96000004 [67.8 48451] CE = 0x25 : DABT (EL actual), IL = 32 bits [ 67.848454] SET = 0, FnV = 0 [ 67.848456] EA = 0, S1PTW = 0 [ 67.848458] Informaci\u00f3n de cancelaci\u00f3n de datos: [ 67.848460] ISV = 0, ISS = 0x00000004 [ 67.848462 ] CM = 0, WnR = 0 [ 67.848465] tabla de p\u00e1ginas de usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=00000800c4c0b000 [ 67.848468] [0000000000000060] pgd=0000000000000000, 000000000000 [67.848472] Error interno: Ups: 96000004 [#1 ] SMP [67.848475] M\u00f3dulos vinculados en: dmatest [67.848479] CPU: 0 PID: 0 Comm: swapper/0 No contaminado 5.10.100-emu_x2rc+ #11 [67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE= --) [67.848487] pc: axi_chan_handle_err+0xc4/0x230 [67.848491] lr: axi_chan_handle_err+0x30/0x230 [67.848493] sp: ffff0803fe55ae50 [67.848495] x29: fe55ae50 x28: ffff800011212200 [ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080 [ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850 [ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000 [ 67.848512] x21: 0000000000000080 x20: 0000000000002000 [ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000 [ 67.848521] x17: 0000000000000000 x16: 0000000000000 000 [67.848525] x15: 0000000000000000 x14: 0000000000000000 [ 67.848529] x13: 0000000000000000 x12: 0000000000000040 [ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a [ 67.848538] x9: ffff800010576cd4 x8: ffff0800c0400270 [67.848542] x7: 0000000000000000 x6: ffff0800c04003e0 [67.848546] x5: 8x4: ffff0800c4294480 [67.848550] x3 : dead000000000100 x2 : dead000000000122 [ 67.848555 ] x1 : 0000000000000100 x0 : ffff0800c097c168 [ 67.848559 ] Rastreo de llamadas: [ 67.848562] 0x230 [ 67.848566] dw_axi_dma_interrupt+0xf4/0x590 [ 67.848569] __handle_irq_event_percpu+0x60/0x220 [ 67.848573] handle_irq_event+0x64 /0x120 [ 67.848576] handle_fasteoi_irq+0xc4/0x220 [ 67.848580] __handle_domain_irq+0x80/0xe0 [ 67.848583] gic_handle_irq+0xc0/0x138 [ 67.848585] 0x180 [67.848588] arch_cpu_idle+0x14/0x2c [67.848591] default_idle_call+0x40/0x16c [ 67.848594] do_idle+0x1f0/0x250 [ 67.848597] cpu_startup_entry+0x2c/0x60 [ 67.848600] rest_init+0xc0/0xcc [ 67.848603] arch_call_rest_init+0x14/0x1c [ 67.84860 6] start_kernel+0x4cc/0x500 [ 67.848610] C\u00f3digo: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 ( a94602c1) [67.848613] ---[ final de seguimiento 585a97036f88203a ]---"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52900.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52900",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.297",
"lastModified": "2024-08-21T07:15:06.297",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix general protection fault in nilfs_btree_insert()\n\nIf nilfs2 reads a corrupted disk image and tries to reads a b-tree node\nblock by calling __nilfs_btree_get_block() against an invalid virtual\nblock address, it returns -ENOENT because conversion of the virtual block\naddress to a disk block address fails. However, this return value is the\nsame as the internal code that b-tree lookup routines return to indicate\nthat the block being searched does not exist, so functions that operate on\nthat b-tree may misbehave.\n\nWhen nilfs_btree_insert() receives this spurious 'not found' code from\nnilfs_btree_do_lookup(), it misunderstands that the 'not found' check was\nsuccessful and continues the insert operation using incomplete lookup path\ndata, causing the following crash:\n\n general protection fault, probably for non-canonical address\n 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n ...\n RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]\n RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]\n RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238\n Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89\n ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c\n 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02\n ...\n Call Trace:\n <TASK>\n nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]\n nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147\n nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101\n __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991\n __block_write_begin fs/buffer.c:2041 [inline]\n block_write_begin+0x93/0x1e0 fs/buffer.c:2102\n nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261\n generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772\n __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900\n generic_file_write_iter+0xab/0x310 mm/filemap.c:3932\n call_write_iter include/linux/fs.h:2186 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x7dc/0xc50 fs/read_write.c:584\n ksys_write+0x177/0x2a0 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n ...\n </TASK>\n\nThis patch fixes the root cause of this problem by replacing the error\ncode that __nilfs_btree_get_block() returns on block address conversion\nfailure from -ENOENT to another internal code -EINVAL which means that the\nb-tree metadata is corrupted.\n\nBy returning -EINVAL, it propagates without glitches, and for all relevant\nb-tree operations, functions in the upper bmap layer output an error\nmessage indicating corrupted b-tree metadata via\nnilfs_bmap_convert_error(), and code -EIO will be eventually returned as\nit should be."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: soluciona el fallo de protecci\u00f3n general en nilfs_btree_insert() Si nilfs2 lee una imagen de disco corrupta e intenta leer un bloque de nodo de \u00e1rbol b llamando a __nilfs_btree_get_block() contra una direcci\u00f3n de bloque virtual no v\u00e1lida, devuelve -ENOENT porque falla la conversi\u00f3n de la direcci\u00f3n del bloque virtual a una direcci\u00f3n de bloque de disco. Sin embargo, este valor de retorno es el mismo que el c\u00f3digo interno que devuelven las rutinas de b\u00fasqueda del \u00e1rbol b para indicar que el bloque que se busca no existe, por lo que las funciones que operan en ese \u00e1rbol b pueden comportarse mal. Cuando nilfs_btree_insert() recibe este c\u00f3digo falso 'no encontrado' de nilfs_btree_do_lookup(), malinterpreta que la verificaci\u00f3n 'no encontrado' fue exitosa y contin\u00faa la operaci\u00f3n de inserci\u00f3n utilizando datos de ruta de b\u00fasqueda incompletos, lo que provoca el siguiente bloqueo: falla de protecci\u00f3n general, probablemente por direcci\u00f3n no can\u00f3nica 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en el rango [0x0000000000000028-0x000000000000002f] ... RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs 2/btree.c:418 [en l\u00ednea] RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [en l\u00ednea] RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238 C\u00f3digo: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 3 42 80 3c 28 00 74 08 4c 89 ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 &lt;42&gt; 80 3c 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b f 49 83 c7 02... Seguimiento de llamadas: nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [en l\u00ednea] nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147 nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c: 101 __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991 __block_write_begin fs/buffer.c:2041 [en l\u00ednea] block_write_begin+0x93/0x1e0 fs/buffer.c:2102 nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c :261 generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772 __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900 generic_file_write_iter+0xab/0x310 mm/filemap.c:3932 call_write_iter include/linux/fs.h:2186 [en l\u00ednea] new_sync_write fs/read_write.c:491 [en l\u00ednea] vfs_write+0x7dc/0xc50 fs/read_write.c:584 ksys_write+0x177/0x2a0 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64 +0x3d/0xb0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd ... Este parche soluciona la causa ra\u00edz de este problema reemplazando el c\u00f3digo de error que devuelve __nilfs_btree_get_block() en la conversi\u00f3n de direcciones de bloque falla de -ENOENT a otro c\u00f3digo interno -EINVAL, lo que significa que los metadatos del \u00e1rbol b est\u00e1n da\u00f1ados. Al devolver -EINVAL, se propaga sin fallos y, para todas las operaciones relevantes del \u00e1rbol b, las funciones en la capa superior del mapa b generan un mensaje de error que indica metadatos del \u00e1rbol b corruptos a trav\u00e9s de nilfs_bmap_convert_error(), y el c\u00f3digo -EIO se devolver\u00e1 eventualmente cuando deber\u00eda ser."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52901.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52901",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.363",
"lastModified": "2024-08-21T07:15:06.363",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check endpoint is valid before dereferencing it\n\nWhen the host controller is not responding, all URBs queued to all\nendpoints need to be killed. This can cause a kernel panic if we\ndereference an invalid endpoint.\n\nFix this by using xhci_get_virt_ep() helper to find the endpoint and\nchecking if the endpoint is valid before dereferencing it.\n\n[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead\n[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8\n\n[233311.853964] pc : xhci_hc_died+0x10c/0x270\n[233311.853971] lr : xhci_hc_died+0x1ac/0x270\n\n[233311.854077] Call trace:\n[233311.854085] xhci_hc_died+0x10c/0x270\n[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4\n[233311.854105] call_timer_fn+0x50/0x2d4\n[233311.854112] expire_timers+0xac/0x2e4\n[233311.854118] run_timer_softirq+0x300/0xabc\n[233311.854127] __do_softirq+0x148/0x528\n[233311.854135] irq_exit+0x194/0x1a8\n[233311.854143] __handle_domain_irq+0x164/0x1d0\n[233311.854149] gic_handle_irq.22273+0x10c/0x188\n[233311.854156] el1_irq+0xfc/0x1a8\n[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]\n[233311.854185] cpuidle_enter_state+0x1f0/0x764\n[233311.854194] do_idle+0x594/0x6ac\n[233311.854201] cpu_startup_entry+0x7c/0x80\n[233311.854209] secondary_start_kernel+0x170/0x198"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: usb: xhci: verifique que el endpoint sea v\u00e1lido antes de desreferenciarlo. Cuando el controlador de host no responde, se deben eliminar todas las URB en cola para todos los endpoints. Esto puede provocar un p\u00e1nico en el kernel si eliminamos la referencia a un endpoint no v\u00e1lido. Solucione este problema utilizando el asistente xhci_get_virt_ep() para encontrar el endpoint y comprobar si es v\u00e1lido antes de desreferenciarlo. [233311.853271] xhci-hcd xhci-hcd.1.auto: El controlador de host xHCI no responde, se supone muerto [233311.853393] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000000000e8 [233311.853964] pc: xhci_hc_died+0x10c/ 0x270 [233311.853971] lr : xhci_hc_died+0x1ac/0x270 [233311.854077] Rastreo de llamadas: [233311.854085] xhci_hc_died+0x10c/0x270 [233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4 11.854105] call_timer_fn+0x50/0x2d4 [233311.854112] expire_timers+0xac/0x2e4 [233311.854118] run_timer_softirq+0x300 /0xabc [233311.854127] __do_softirq+0x148/0x528 [233311.854135] irq_exit+0x194/0x1a8 [233311.854143] __handle_domain_irq+0x164/0x1d0 [233311.854149] gic_handle_irq.22273+0x10c/0x188 [233311.854156] el1_irq+0xfc/0x1a8 [233311.854175] lpm_cpuidle_enter+0x25c /0x418 [msm_pm] [233311.854185] cpuidle_enter_state+0x1f0/0x764 [233311.854194] do_idle+0x594/0x6ac [233311.854201] cpu_startup_entry+0x7c/0x80 [233311.8542 09] kernel_inicio_secundario+0x170/0x198"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52902.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52902",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.427",
"lastModified": "2024-08-21T07:15:06.427",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnommu: fix memory leak in do_mmap() error path\n\nThe preallocation of the maple tree nodes may leak if the error path to\n\"error_just_free\" is taken. Fix this by moving the freeing of the maple\ntree nodes to a shared location for all error paths."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nommu: corrige la p\u00e9rdida de memoria en la ruta de error do_mmap() La preasignaci\u00f3n de los nodos del \u00e1rbol de arce puede perderse si se toma la ruta de error a \"error_just_free\". Solucione este problema moviendo la liberaci\u00f3n de los nodos del \u00e1rbol de arce a una ubicaci\u00f3n compartida para todas las rutas de error."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52903.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52903",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.480",
"lastModified": "2024-08-21T07:15:06.480",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: lock overflowing for IOPOLL\n\nsyzbot reports an issue with overflow filling for IOPOLL:\n\nWARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734\nCPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0\nWorkqueue: events_unbound io_ring_exit_work\nCall trace:\n\u00a0io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734\n\u00a0io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773\n\u00a0io_fill_cqe_req io_uring/io_uring.h:168 [inline]\n\u00a0io_do_iopoll+0x474/0x62c io_uring/rw.c:1065\n\u00a0io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513\n\u00a0io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056\n\u00a0io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869\n\u00a0process_one_work+0x2d8/0x504 kernel/workqueue.c:2289\n\u00a0worker_thread+0x340/0x610 kernel/workqueue.c:2436\n\u00a0kthread+0x12c/0x158 kernel/kthread.c:376\n\u00a0ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863\n\nThere is no real problem for normal IOPOLL as flush is also called with\nuring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL,\nfor which __io_cqring_overflow_flush() happens from the CQ waiting path."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: bloqueo desbordado para IOPOLL syzbot informa un problema con el desbordamiento de llenado para IOPOLL: ADVERTENCIA: CPU: 0 PID: 28 en io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring /io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 No contaminado 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Cola de trabajo: events_unbound io_ring_exit_work Seguimiento de llamadas: io_cqring_event_overflow+0x1c0/0x230 durante. c:734 io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773 io_fill_cqe_req io_uring/io_uring.h:168 [en l\u00ednea] io_do_iopoll+0x474/0x62c io_uring/rw.c:1065 io_iopoll_try_reap_events+0x6c /0x108 io_uring/io_uring.c:1513 io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056 io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869 Process_one_work+0x2d8/0x504 kernel/workqueue.c:2289 trabajador_thread+0x340/0x610 ue.c:2436 khilo+ 0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863 No hay ning\u00fan problema real para IOPOLL normal ya que tambi\u00e9n se llama a descarga con uring_lock tomado, pero se est\u00e1 volviendo m\u00e1s complicado para IOPOLL |SQPOLL, para el cual __io_cqring_overflow_flush() ocurre desde la ruta de espera de CQ."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52904.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52904",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.540",
"lastModified": "2024-08-21T07:15:06.540",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: corrige la posible desreferencia del puntero NULL en snd_usb_pcm_has_fixed_rate() El argumento de la funci\u00f3n subs puede ser NULL, as\u00ed que no lo use antes de la verificaci\u00f3n NULL."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52905.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52905",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.597",
"lastModified": "2024-08-21T07:15:06.597",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix resource leakage in VF driver unbind\n\nresources allocated like mcam entries to support the Ntuple feature\nand hash tables for the tc feature are not getting freed in driver\nunbind. This patch fixes the issue."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: octeontx2-pf: corrige la p\u00e9rdida de recursos en la desvinculaci\u00f3n del controlador VF, los recursos asignados como entradas mcam para admitir la funci\u00f3n Ntuple y las tablas hash para la funci\u00f3n tc no se liberan en la desvinculaci\u00f3n del controlador. Este parche soluciona el problema."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52906.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52906",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.663",
"lastModified": "2024-08-21T07:15:06.663",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mpls: Fix warning during failed attribute validation\n\nThe 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a\nvalidation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid\ncombination according to the comment above 'struct nla_policy':\n\n\"\nMeaning of `validate' field, use via NLA_POLICY_VALIDATE_FN:\n NLA_BINARY Validation function called for the attribute.\n All other Unused - but note that it's a union\n\"\n\nThis can trigger the warning [1] in nla_get_range_unsigned() when\nvalidation of the attribute fails. Despite being of 'NLA_U32' type, the\nassociated 'min'/'max' fields in the policy are negative as they are\naliased by the 'validate' field.\n\nFix by changing the attribute type to 'NLA_BINARY' which is consistent\nwith the above comment and all other users of NLA_POLICY_VALIDATE_FN().\nAs a result, move the length validation to the validation function.\n\nNo regressions in MPLS tests:\n\n # ./tdc.py -f tc-tests/actions/mpls.json\n [...]\n # echo $?\n 0\n\n[1]\nWARNING: CPU: 0 PID: 17743 at lib/nlattr.c:118\nnla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\nModules linked in:\nCPU: 0 PID: 17743 Comm: syz-executor.0 Not tainted 6.1.0-rc8 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\n[...]\nCall Trace:\n <TASK>\n __netlink_policy_dump_write_attr+0x23d/0x990 net/netlink/policy.c:310\n netlink_policy_dump_write_attr+0x22/0x30 net/netlink/policy.c:411\n netlink_ack_tlv_fill net/netlink/af_netlink.c:2454 [inline]\n netlink_ack+0x546/0x760 net/netlink/af_netlink.c:2506\n netlink_rcv_skb+0x1b7/0x240 net/netlink/af_netlink.c:2546\n rtnetlink_rcv+0x18/0x20 net/core/rtnetlink.c:6109\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2482\n ___sys_sendmsg net/socket.c:2536 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2565\n __do_sys_sendmsg net/socket.c:2574 [inline]\n __se_sys_sendmsg net/socket.c:2572 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2572\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: act_mpls: Advertencia de correcci\u00f3n durante la validaci\u00f3n fallida del atributo El atributo 'TCA_MPLS_LABEL' es de tipo 'NLA_U32', pero tiene un tipo de validaci\u00f3n de 'NLA_VALIDATE_FUNCTION'. Esta es una combinaci\u00f3n no v\u00e1lida seg\u00fan el comentario anterior 'struct nla_policy': \" Significado del campo `validar', util\u00edcelo a trav\u00e9s de NLA_POLICY_VALIDATE_FN: NLA_BINARY Funci\u00f3n de validaci\u00f3n llamada para el atributo. Todos los dem\u00e1s no utilizados, pero tenga en cuenta que es una uni\u00f3n \" Esto puede desencadenar la advertencia [1] en nla_get_range_unsigned() cuando falla la validaci\u00f3n del atributo. A pesar de ser del tipo 'NLA_U32', los campos 'min'/'max' asociados en la pol\u00edtica son negativos ya que tienen un alias del campo 'validate'. Para solucionarlo, cambie el tipo de atributo a 'NLA_BINARY', que es coherente con el comentario anterior y con todos los dem\u00e1s usuarios de NLA_POLICY_VALIDATE_FN(). Como resultado, mueva la validaci\u00f3n de longitud a la funci\u00f3n de validaci\u00f3n. No hay regresiones en las pruebas MPLS: # ./tdc.py -f tc-tests/actions/mpls.json [...] # echo $? 0 [1] ADVERTENCIA: CPU: 0 PID: 17743 en lib/nlattr.c:118 nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117 M\u00f3dulos vinculados en: CPU: 0 PID: 17743 Comm: syz-executor.0 No tainted 6.1.0-rc8 #3 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 01/04/2014 RIP: 0010:nla_get_range_unsigned+0x1d8 /0x1e0 lib/nlattr.c:117 [...] Seguimiento de llamadas: __netlink_policy_dump_write_attr+0x23d/0x990 net/netlink/policy.c:310 netlink_policy_dump_write_attr+0x22/0x30 net/netlink/policy.c:411 netlink_ack_tlv_fill net /netlink/af_netlink.c:2454 [en l\u00ednea] netlink_ack+0x546/0x760 net/netlink/af_netlink.c:2506 netlink_rcv_skb+0x1b7/0x240 net/netlink/af_netlink.c:2546 rtnetlink_rcv+0x18/0x20 net/core/rtnetlink. c:6109 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [en l\u00ednea] netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c :714 [en l\u00ednea] sock_sendmsg net/socket.c:734 [en l\u00ednea] ____sys_sendmsg+0x38f/0x500 net/socket.c:2482 ___sys_sendmsg net/socket.c:2536 [en l\u00ednea] __sys_sendmsg+0x197/0x230 net/socket.c: 2565 __do_sys_sendmsg net/socket.c:2574 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2572 [en l\u00ednea] __x64_sys_sendmsg+0x42/0x50 net/socket.c:2572 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52907.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52907",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.733",
"lastModified": "2024-08-21T07:15:06.733",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()\n\nFix a use-after-free that occurs in hcd when in_urb sent from\npn533_usb_send_frame() is completed earlier than out_urb. Its callback\nfrees the skb data in pn533_send_async_complete() that is used as a\ntransfer buffer of out_urb. Wait before sending in_urb until the\ncallback of out_urb is called. To modify the callback of out_urb alone,\nseparate the complete function of out_urb and ack_urb.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: use-after-free in dummy_timer\nCall Trace:\n memcpy (mm/kasan/shadow.c:65)\n dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352)\n transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453)\n dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972)\n arch_static_branch (arch/x86/include/asm/jump_label.h:27)\n static_key_false (include/linux/jump_label.h:207)\n timer_expire_exit (include/trace/events/timer.h:127)\n call_timer_fn (kernel/time/timer.c:1475)\n expire_timers (kernel/time/timer.c:1519)\n __run_timers (kernel/time/timer.c:1790)\n run_timer_softirq (kernel/time/timer.c:1803)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nfc: pn533: espere a que se complete out_urb en pn533_usb_send_frame() Se corrige un use-after-free que ocurre en hcd cuando in_urb enviado desde pn533_usb_send_frame() se completa antes que out_urb. Su devoluci\u00f3n de llamada libera los datos de skb en pn533_send_async_complete() que se utilizan como b\u00fafer de transferencia de out_urb. Espere antes de enviar in_urb hasta que se llame a la devoluci\u00f3n de llamada de out_urb. Para modificar la devoluci\u00f3n de llamada de out_urb solo, separe la funci\u00f3n completa de out_urb y ack_urb. Encontrado por una versi\u00f3n modificada de syzkaller. ERROR: KASAN: use-after-free en dummy_timer Rastreo de llamadas: memcpy (mm/kasan/shadow.c:65) dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352) transfer (drivers/usb/gadget/ udc/dummy_hcd.c:1453) dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972) arch_static_branch (arch/x86/include/asm/jump_label.h:27) static_key_false (include/linux/jump_label.h: 207) timer_expire_exit (include/trace/events/timer.h:127) call_timer_fn (kernel/time/timer.c:1475) expire_timers (kernel/time/timer.c:1519) __run_timers (kernel/time/timer.c: 1790) run_timer_softirq (n\u00facleo/hora/timer.c:1803)"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52908.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52908",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.800",
"lastModified": "2024-08-21T07:15:06.800",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL dereference\n\nFix potential NULL dereference, in the case when \"man\", the resource manager\nmight be NULL, when/if we print debug information."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige una posible desreferencia NULL. Se corrige una posible desreferencia NULL, en el caso de que sea \"man\", el administrador de recursos podr\u00eda ser NULL, cuando/si imprimimos informaci\u00f3n de depuraci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52909.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52909",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.857",
"lastModified": "2024-08-21T07:15:06.857",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix handling of cached open files in nfsd4_open codepath\n\nCommit fb70bf124b05 (\"NFSD: Instantiate a struct file when creating a\nregular NFSv4 file\") added the ability to cache an open fd over a\ncompound. There are a couple of problems with the way this currently\nworks:\n\nIt's racy, as a newly-created nfsd_file can end up with its PENDING bit\ncleared while the nf is hashed, and the nf_file pointer is still zeroed\nout. Other tasks can find it in this state and they expect to see a\nvalid nf_file, and can oops if nf_file is NULL.\n\nAlso, there is no guarantee that we'll end up creating a new nfsd_file\nif one is already in the hash. If an extant entry is in the hash with a\nvalid nf_file, nfs4_get_vfs_file will clobber its nf_file pointer with\nthe value of op_file and the old nf_file will leak.\n\nFix both issues by making a new nfsd_file_acquirei_opened variant that\ntakes an optional file pointer. If one is present when this is called,\nwe'll take a new reference to it instead of trying to open the file. If\nthe nfsd_file already has a valid nf_file, we'll just ignore the\noptional file and pass the nfsd_file back as-is.\n\nAlso rework the tracepoints a bit to allow for an \"opened\" variant and\ndon't try to avoid counting acquisitions in the case where we already\nhave a cached open file."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrige el manejo de archivos abiertos almacenados en cach\u00e9 en la ruta de c\u00f3digo nfsd4_open el commit fb70bf124b05 (\"NFSD: crear una instancia de un archivo de estructura al crear un archivo NFSv4 normal\") agreg\u00f3 la capacidad de almacenar en cach\u00e9 un fd abierto sobre un compuesto. Hay un par de problemas con la forma en que esto funciona actualmente: Es picante, ya que un nfsd_file reci\u00e9n creado puede terminar con su bit PENDIENTE borrado mientras el nf tiene hash, y el puntero nf_file todav\u00eda est\u00e1 puesto a cero. Otras tareas pueden encontrarlo en este estado y esperan ver un nf_file v\u00e1lido, y pueden ir si nf_file es NULL. Adem\u00e1s, no hay garant\u00eda de que terminemos creando un nuevo nfsd_file si ya hay uno en el hash. Si una entrada existente est\u00e1 en el hash con un nf_file v\u00e1lido, nfs4_get_vfs_file golpear\u00e1 su puntero nf_file con el valor de op_file y el antiguo nf_file se filtrar\u00e1. Solucione ambos problemas creando una nueva variante nfsd_file_acquirei_opened que toma un puntero de archivo opcional. Si hay uno presente cuando se llama, tomaremos una nueva referencia en lugar de intentar abrir el archivo. Si el nfsd_file ya tiene un nf_file v\u00e1lido, simplemente ignoraremos el archivo opcional y devolveremos el nfsd_file tal como est\u00e1. Tambi\u00e9n vuelva a trabajar un poco los puntos de seguimiento para permitir una variante \"abierta\" y no intente evitar contar adquisiciones en el caso de que ya tengamos un archivo abierto en cach\u00e9."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52910.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52910",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.910",
"lastModified": "2024-08-21T07:15:06.910",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/iova: Fix alloc iova overflows issue\n\nIn __alloc_and_insert_iova_range, there is an issue that retry_pfn\noverflows. The value of iovad->anchor.pfn_hi is ~0UL, then when\niovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will\noverflow. As a result, if the retry logic is executed, low_pfn is\nupdated to 0, and then new_pfn < low_pfn returns false to make the\nallocation successful.\n\nThis issue occurs in the following two situations:\n1. The first iova size exceeds the domain size. When initializing\niova domain, iovad->cached_node is assigned as iovad->anchor. For\nexample, the iova domain size is 10M, start_pfn is 0x1_F000_0000,\nand the iova size allocated for the first time is 11M. The\nfollowing is the log information, new->pfn_lo is smaller than\niovad->cached_node.\n\nExample log as follows:\n[ 223.798112][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range\nstart_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00\n[ 223.799590][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range\nsuccess start_pfn:0x1f0000,new->pfn_lo:0x1efe00,new->pfn_hi:0x1f08ff\n\n2. The node with the largest iova->pfn_lo value in the iova domain\nis deleted, iovad->cached_node will be updated to iovad->anchor,\nand then the alloc iova size exceeds the maximum iova size that can\nbe allocated in the domain.\n\nAfter judging that retry_pfn is less than limit_pfn, call retry_pfn+1\nto fix the overflow issue."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/iova: soluciona el problema de desbordamiento de alloc iova. En __alloc_and_insert_iova_range, hay un problema que retry_pfn se desborda. El valor de iovad-&gt;anchor.pfn_hi es ~0UL, luego, cuando iovad-&gt;cached_node es iovad-&gt;anchor, curr_iova-&gt;pfn_hi + 1 se desbordar\u00e1. Como resultado, si se ejecuta la l\u00f3gica de reintento, low_pfn se actualiza a 0 y luego new_pfn &lt; low_pfn devuelve falso para que la asignaci\u00f3n sea exitosa. Este problema ocurre en las dos situaciones siguientes: 1. El tama\u00f1o del primer iova excede el tama\u00f1o del dominio. Al inicializar el dominio iova, iovad-&gt;cached_node se asigna como iovad-&gt;anchor. Por ejemplo, el tama\u00f1o del dominio iova es 10 M, start_pfn es 0x1_F000_0000 y el tama\u00f1o de iova asignado por primera vez es 11 M. La siguiente es la informaci\u00f3n de registro, new-&gt;pfn_lo es m\u00e1s peque\u00f1o que iovad-&gt;cached_node. Registro de ejemplo como sigue: [ 223.798112][T1705487] sh: [name:iova&amp;]__alloc_and_insert_iova_range start_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00 [ 223.799590][T1705487] [nombre:iova&amp;]__alloc_and_insert_iova_range \u00e9xito start_pfn :0x1f0000,new-&gt;pfn_lo:0x1efe00,new-&gt;pfn_hi:0x1f08ff 2. El nodo con el valor iova-&gt;pfn_lo m\u00e1s grande en el dominio iova se elimina, iovad-&gt;cached_node se actualizar\u00e1 a iovad-&gt;anchor y luego el tama\u00f1o de alloc iova excede el tama\u00f1o m\u00e1ximo de iova que se puede asignar en el dominio. Despu\u00e9s de juzgar que retry_pfn es menor que limit_pfn, llame a retry_pfn+1 para solucionar el problema de desbordamiento."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52911.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52911",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:06.967",
"lastModified": "2024-08-21T07:15:06.967",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: another fix for the headless Adreno GPU\n\nFix another oops reproducible when rebooting the board with the Adreno\nGPU working in the headless mode (e.g. iMX platforms).\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[00000000] *pgd=74936831, *pte=00000000, *ppte=00000000\nInternal error: Oops: 17 [#1] ARM\nCPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11\nHardware name: Freescale i.MX53 (Device Tree Support)\nPC is at msm_atomic_commit_tail+0x50/0x970\nLR is at commit_tail+0x9c/0x188\npc : [<c06aa430>] lr : [<c067a214>] psr: 600e0013\nsp : e0851d30 ip : ee4eb7eb fp : 00090acc\nr10: 00000058 r9 : c2193014 r8 : c4310000\nr7 : c4759380 r6 : 07bef61d r5 : 00000000 r4 : 00000000\nr3 : c44cc440 r2 : 00000000 r1 : 00000000 r0 : 00000000\nFlags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 10c5387d Table: 74910019 DAC: 00000051\nRegister r0 information: NULL pointer\nRegister r1 information: NULL pointer\nRegister r2 information: NULL pointer\nRegister r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024\nRegister r4 information: NULL pointer\nRegister r5 information: NULL pointer\nRegister r6 information: non-paged memory\nRegister r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128\nRegister r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048\nRegister r9 information: non-slab/vmalloc memory\nRegister r10 information: non-paged memory\nRegister r11 information: non-paged memory\nRegister r12 information: non-paged memory\nProcess reboot (pid: 51, stack limit = 0xc80046d9)\nStack: (0xe0851d30 to 0xe0852000)\n1d20: c4759380 fbd77200 000005ff 002b9c70\n1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058\n1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c\n1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468\n1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810\n1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00\n1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8\n1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854\n1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000\n1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60\n1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4\n1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000\n1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058\n1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028\n1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc\n1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000\n msm_atomic_commit_tail from commit_tail+0x9c/0x188\n commit_tail from drm_atomic_helper_commit+0x160/0x188\n drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0\n drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0\n drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140\n drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240\n device_shutdown from kernel_restart+0x38/0x90\n kernel_restart from __do_sys_reboot+0x\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm: otra soluci\u00f3n para la GPU Adreno sin cabeza. Se corrigi\u00f3 otro error reproducible al reiniciar la placa con la GPU Adreno funcionando en modo sin cabeza (por ejemplo, plataformas iMX). No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000 cuando se lee [00000000] *pgd=74936831, *pte=00000000, *ppte=00000000 Error interno: Ups: 17 [#1] ARM CPU: 0 PID: 51 Comm: reiniciar Not tainted 6.2.0-rc1-dirty #11 Nombre del hardware: Freescale i.MX53 (soporte de \u00e1rbol de dispositivos) La PC est\u00e1 en msm_atomic_commit_tail+0x50/0x970 LR est\u00e1 en commit_tail+0x9c/0x188 pc: [] lr: [&lt; c067a214&gt;] psr: 600e0013 sp: e0851d30 ip: ee4eb7eb fp: 00090acc r10: 00000058 r9: c2193014 r8: c4310000 r7: c4759380 r6: 07bef61d r5: 00000 r4: 00000000 r3: c44cc440 r2: 00000000 r1: 00000000 r0: 00000000 Banderas: nZCv IRQ en FIQ en Modo SVC_32 ISA ARM Segmento ninguno Control: 10c5387d Tabla: 74910019 DAC: 00000051 Informaci\u00f3n del registro r0: puntero NULL Informaci\u00f3n del registro r1: puntero NULL Informaci\u00f3n del registro r2: puntero NULL Informaci\u00f3n del registro r3: slab kmalloc-1k inicio c44cc400 desplazamiento del puntero 64 tama\u00f1o 1024 Informaci\u00f3n del registro r4: puntero NULL Informaci\u00f3n del registro r5: puntero NULL Informaci\u00f3n del registro r6: memoria no paginada Informaci\u00f3n del registro r7: slab kmalloc-128 inicio c4759380 desplazamiento del puntero 0 tama\u00f1o 128 Informaci\u00f3n del registro r8: slab kmalloc-2k inicio c4310000 desplazamiento del puntero 0 tama\u00f1o 2048 Informaci\u00f3n del registro r9: memoria no slab/vmalloc Informaci\u00f3n del registro r10: memoria no paginada Informaci\u00f3n del registro r11: memoria no paginada Informaci\u00f3n del registro r12: memoria no paginada Reinicio del proceso (pid: 51, l\u00edmite de pila = 0xc80046d9) Pila : (0xe0851d30 a 0xe0852000) 1d20: c4759380 fbd77200 000005ff 002b9c70 1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c 3014 00000058 1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c 1d80: 00000000 00000000 00000000 c431046 8 00000000 c4759380 c4310000 c4310468 1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810 1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00 1de0: c4759380 c067ad20 c4310000 00 c44cc810 c27f8718 c44cc854 c067adb8 1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854 1e20: c25fc488 00000 c0ff162c 00000000 00000001 00000002 00000000 00000000 1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60 1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4 1e80: 01234567 c0143a20 00000000 000 00000000 00000000 00000000 00000000 1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1ec0: 000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1ee0: 00000000 00000000 00000000 00000000 00000000 0000 00000000 00000000 1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1f20: 00000000 00000000 000000 00000000 00000000 00000000 00000000 00000000 1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000 1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1f80: 00000000 00000000 00000000 0347d2a 8 00000002 00000004 00000078 00000058 1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028 1fc0: 00000002 00000004 00000078 0000058 0002fdc5 00000000 00000000 00090acc 1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000 msm_atomic_commit_tail de commit_tail+ 0x9c/0x188 commit_tail de drm_atomic_helper_commit+0x160/0x188 drm_atomic_helper_commit de drm_atomic_commit+ 0xac/0xe0 drm_atomic_commit de drm_atomic_helper_disable_all+0x1b0/0x1c0 drm_atomic_helper_disable_all de drm_atomic_helper_shutdown+0x88/0x140 drm_atomic_helper_shutdown de device_shutdown+0x16c/0x240 device_shutdown de kernel_restart+0x 38/0x90 kernel_restart desde __do_sys_reboot+0x ---truncado---"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52912.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52912",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:07.020",
"lastModified": "2024-08-21T07:15:07.020",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fixed bug on error when unloading amdgpu\n\nFixed bug on error when unloading amdgpu.\n\nThe error message is as follows:\n[ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!\n[ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1\n[ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021\n[ 377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]\n[ 377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53\n[ 377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287\n[ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000\n[ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70\n[ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001\n[ 377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70\n[ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70\n[ 377.706325] FS: 00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000\n[ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0\n[ 377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 377.706361] Call Trace:\n[ 377.706365] <TASK>\n[ 377.706369] drm_buddy_free_list+0x2a/0x60 [drm_buddy]\n[ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu]\n[ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu]\n[ 377.706650] amdgpu_bo_fini+0x22/0x90 [amdgpu]\n[ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu]\n[ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu]\n[ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu]\n[ 377.706975] drm_dev_release+0x20/0x40 [drm]\n[ 377.707006] release_nodes+0x35/0xb0\n[ 377.707014] devres_release_all+0x8b/0xc0\n[ 377.707020] device_unbind_cleanup+0xe/0x70\n[ 377.707027] device_release_driver_internal+0xee/0x160\n[ 377.707033] driver_detach+0x44/0x90\n[ 377.707039] bus_remove_driver+0x55/0xe0\n[ 377.707045] pci_unregister_driver+0x3b/0x90\n[ 377.707052] amdgpu_exit+0x11/0x6c [amdgpu]\n[ 377.707194] __x64_sys_delete_module+0x142/0x2b0\n[ 377.707201] ? fpregs_assert_state_consistent+0x22/0x50\n[ 377.707208] ? exit_to_user_mode_prepare+0x3e/0x190\n[ 377.707215] do_syscall_64+0x38/0x90\n[ 377.707221] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
},
{
"lang": "es",
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrigi\u00f3 el error al descargar amdgpu. Se corrigi\u00f3 el error al descargar amdgpu. El mensaje de error es el siguiente: [377.706202] ERROR del kernel en drivers/gpu/drm/drm_buddy.c:278. [ 377.706215] c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI [ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Contaminado: G IOE 6.0.0-thomas #1 [ 377.706231] Nombre de hardware: Nombre del producto del sistema ASUS/PRIME Z390 -A, BIOS 2004 02/11/2021 [377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy] [377.706264] C\u00f3digo: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff &lt;0f&gt; 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 [ 377.706282] RSP : 0018:ffffad2dc4683cb8 EFLAGS: 00010287 [ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000 [ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70 [ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 00000000000000001 [ 377.706311] R10: ffff8b16c8572400 R11 : ffffad2dc4683cf0 R12: ffff8b16d1b25f70 [ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70 [ 377.706325] FS: 07fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000 [ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0 [ 377.706347] DR0: 0000000000000000 DR1: 00000000000000 00 DR2: 0000000000000000 [ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 377.706361] Seguimiento de llamadas: [ 377.706365] &gt; [ 377.706369 ] drm_buddy_free_list+0x2a/0x60 [drm_buddy] [ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu] [ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu] [ 377.706650] dgpu_bo_fini+0x22/0x90 [amdgpu] [ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu] [ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu] [ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu] [ 377.706975] drm_dev_release+0x20/0x40 [drm] 377.707006] release_nodes+0x35/0xb0 [ 377.707014] devres_release_all+0x8b /0xc0 [ 377.707020] dispositivo_unbind_cleanup+0xe/0x70 [ 377.707027] dispositivo_release_driver_internal+0xee/0x160 [ 377.707033] driver_detach+0x44/0x90 [ 377.707039] bus_remove_driver+0x55/0x e0 [377.707045] pci_unregister_driver+0x3b/0x90 [377.707052] amdgpu_exit+0x11/0x6c [amdgpu] [377.707194] __x64_sys_delete_module+0x142/0x2b0 [377.707201]? fpregs_assert_state_consistent+0x22/0x50 [377.707208]? exit_to_user_mode_prepare+0x3e/0x190 [ 377.707215] do_syscall_64+0x38/0x90 [ 377.707221] entrada_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52913.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52913",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:07.087",
"lastModified": "2024-08-21T07:15:07.087",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential context UAFs\n\ngem_context_register() makes the context visible to userspace, and which\npoint a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.\nSo we need to ensure that nothing uses the ctx ptr after this. And we\nneed to ensure that adding the ctx to the xarray is the *last* thing\nthat gem_context_register() does with the ctx pointer.\n\n[tursulin: Stable and fixes tags add/tidy.]\n(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/i915: corrige posibles UAF de contexto gem_context_register() hace que el contexto sea visible para el espacio de usuario, y en qu\u00e9 punto un hilo separado puede activar el ioctl I915_GEM_CONTEXT_DESTROY. Por lo tanto, debemos asegurarnos de que nada use ctx ptr despu\u00e9s de esto. Y debemos asegurarnos de que agregar ctx al xarray sea lo *\u00faltimo* que hace gem_context_register() con el puntero ctx. [tursulin: etiquetas estables y corregidas agregadas/ordenadas.] (seleccionado de el commit bed4b455cf5374e68879be56971c1da563bcd90c)"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-529xx/CVE-2023-52914.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52914",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:07.143",
"lastModified": "2024-08-21T07:15:07.143",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: add hash if ready poll request can't complete inline\n\nIf we don't, then we may lose access to it completely, leading to a\nrequest leak. This will eventually stall the ring exit process as\nwell."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: io_uring/poll: agregue hash si la solicitud de sondeo lista no se puede completar en l\u00ednea. Si no lo hacemos, podemos perder el acceso a ella por completo, lo que provocar\u00e1 una fuga de solicitud. Esto eventualmente tambi\u00e9n detendr\u00e1 el proceso de salida del anillo."
}
],
"metrics": {},

6
CVE-2024/CVE-2024-10xx/CVE-2024-1062.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1062",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-12T13:15:09.210",
"lastModified": "2024-07-18T16:15:06.337",
"lastModified": "2024-08-21T13:15:04.323",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -72,6 +72,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4633",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:5690",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1062",
"source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-21xx/CVE-2024-2199.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2199",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-05-28T12:15:08.950",
"lastModified": "2024-07-18T16:15:06.620",
"lastModified": "2024-08-21T13:15:04.610",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -80,6 +80,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4633",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:5690",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-2199",
"source": "secalert@redhat.com"

8
CVE-2024/CVE-2024-222xx/CVE-2024-22281.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22281",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-20T23:15:03.347",
"lastModified": "2024-08-20T23:15:03.347",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "security@apache.org",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies.\n\nThis issue affects Apache Helix Front (UI): all versions.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** El componente Apache Helix Front (UI) conten\u00eda un secreto codificado que permit\u00eda a un atacante falsificar sesiones generando sus propias cookies falsas. Este problema afecta a Apache Helix Front (UI): todas las versiones. Como este proyecto est\u00e1 retirado, no planeamos lanzar una versi\u00f3n que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-271xx/CVE-2024-27184.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27184",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.733",
"lastModified": "2024-08-20T16:15:10.733",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.."
},
{
"lang": "es",
"value": "Una validaci\u00f3n inadecuada de las URL podr\u00eda dar lugar a una verificaci\u00f3n no v\u00e1lida de si una URL de redireccionamiento es interna o no."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-271xx/CVE-2024-27185.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27185",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.840",
"lastModified": "2024-08-20T20:35:21.323",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors."
},
{
"lang": "es",
"value": "La clase de paginaci\u00f3n incluye par\u00e1metros arbitrarios en los enlaces, lo que genera vectores de ataque de envenenamiento de cach\u00e9."
}
],
"metrics": {

8
CVE-2024/CVE-2024-271xx/CVE-2024-27186.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27186",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.893",
"lastModified": "2024-08-20T16:15:10.893",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions."
},
{
"lang": "es",
"value": "La funci\u00f3n de plantilla de correo carece de un mecanismo de escape, lo que genera vectores XSS en m\u00faltiples extensiones."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-271xx/CVE-2024-27187.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27187",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.983",
"lastModified": "2024-08-20T20:35:22.107",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Controls allows backend users to overwrite their username when disallowed."
},
{
"lang": "es",
"value": "Los controles de acceso inadecuados permiten a los usuarios de backend sobrescribir su nombre de usuario cuando no est\u00e1n permitidos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-318xx/CVE-2024-31842.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31842",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T20:15:08.090",
"lastModified": "2024-08-20T20:15:08.090",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Italtel Embrace 1.6.4. La aplicaci\u00f3n web inserta el token de acceso de un usuario autenticado dentro de las solicitudes GET. La cadena de consulta para la URL podr\u00eda guardarse en el historial del navegador, pasarse a trav\u00e9s de Referers a otros sitios web, almacenarse en registros web o registrarse de otro modo en otras fuentes. Si la cadena de consulta contiene informaci\u00f3n confidencial, como identificadores de sesi\u00f3n, los atacantes pueden usar esta informaci\u00f3n para lanzar m\u00e1s ataques. Debido a que el token de acceso se env\u00eda en solicitudes GET, esta vulnerabilidad podr\u00eda provocar la apropiaci\u00f3n completa de la cuenta."
}
],
"metrics": {},

72
CVE-2024/CVE-2024-344xx/CVE-2024-34458.json
View File

@ -2,20 +2,84 @@
"id": "CVE-2024-34458",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T14:15:08.873",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-21T13:31:38.380",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure."
},
{
"lang": "es",
"value": "Keyfactor Command 10.5.x anterior a 10.5.1 y 11.5.x anterior a 11.5.1 permite la inyecci\u00f3n SQL, lo que podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:keyfactor:command:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F747AE-03A5-4036-A12C-9296A4324B43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:keyfactor:command:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D465AC2-3EDB-4338-85C3-FF7F074CE585"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-352xx/CVE-2024-35214.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35214",
"sourceIdentifier": "secure@blackberry.com",
"published": "2024-08-20T18:15:08.497",
"lastModified": "2024-08-20T18:15:08.497",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT."
},
{
"lang": "es",
"value": "Una vulnerabilidad de manipulaci\u00f3n en el paquete CylanceOPTICS Windows Installer de CylanceOPTICS para Windows versi\u00f3n 3.2 y 3.3 podr\u00eda permitir a un atacante desinstalar CylanceOPTICS de un sistema, dej\u00e1ndolo as\u00ed solo con la protecci\u00f3n de CylancePROTECT."
}
],
"metrics": {

6
CVE-2024/CVE-2024-36xx/CVE-2024-3657.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3657",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-05-28T13:15:11.057",
"lastModified": "2024-07-18T16:15:07.693",
"lastModified": "2024-08-21T13:15:04.753",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -80,6 +80,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4633",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:5690",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3657",
"source": "secalert@redhat.com"

8
CVE-2024/CVE-2024-370xx/CVE-2024-37008.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37008",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-08-21T10:15:05.037",
"lastModified": "2024-08-21T10:15:05.037",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo DWG creado con fines malintencionados, al analizarse en Revit, puede provocar un desbordamiento del b\u00fafer basado en la pila. Un actor malintencionado puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {

47
CVE-2024/CVE-2024-371xx/CVE-2024-37109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37109",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:10.483",
"lastModified": "2024-06-28T13:15:02.650",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:49:47.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wishlistmember:wishlist_member:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.26.7",
"matchCriteriaId": "04F823C9-F802-4D6F-AC26-DEF76ABC56CE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-381xx/CVE-2024-38175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38175",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-20T19:15:09.950",
"lastModified": "2024-08-20T19:15:09.950",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en Instancia administrada de Azure para Apache Cassandra permite a un atacante autenticado elevar privilegios en una red."
}
],
"metrics": {

8
CVE-2024/CVE-2024-383xx/CVE-2024-38305.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38305",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-21T03:15:05.020",
"lastModified": "2024-08-21T03:15:05.020",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges."
},
{
"lang": "es",
"value": "Dell SupportAssist for Home PCs Installer exe versi\u00f3n 4.0.3 contiene una vulnerabilidad de escalada de privilegios en el instalador. Un atacante local autenticado con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de ejecutables arbitrarios en el sistema operativo con privilegios elevados."
}
],
"metrics": {

78
CVE-2024/CVE-2024-390xx/CVE-2024-39094.json
View File

@ -2,28 +2,94 @@
"id": "CVE-2024-39094",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T14:15:09.330",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-21T13:31:04.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters."
},
{
"lang": "es",
"value": "Friendica 2024.03 es vulnerable a Cross Site Scripting (XSS) en la configuraci\u00f3n/perfil a trav\u00e9s de la p\u00e1gina de inicio, xmpp y los par\u00e1metros de matriz."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:friendica:friendica:2024.03:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8639D6-03C8-4E15-BB2D-4217078E983E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://friendi.ca/2024/08/17/friendica-2024-08-released/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/friendica/friendica/issues/14220",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/friendica/friendica/releases/tag/2024.08",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

8
CVE-2024/CVE-2024-407xx/CVE-2024-40743.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40743",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:11.457",
"lastModified": "2024-08-20T16:15:11.457",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors."
},
{
"lang": "es",
"value": "Los m\u00e9todos stripImages y stripIframes no procesaron correctamente las entradas, lo que gener\u00f3 vectores XSS."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-416xx/CVE-2024-41657.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41657",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-20T21:15:13.687",
"lastModified": "2024-08-20T21:15:13.687",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user."
},
{
"lang": "es",
"value": "Casdoor es una plataforma de gesti\u00f3n de acceso e identidad (IAM)/inicio de sesi\u00f3n \u00fanico (SSO) basada en la interfaz de usuario. En Casdoor 1.577.0 y versiones anteriores, existe una vulnerabilidad l\u00f3gica en el filtro beego CorsFilter que permite que cualquier sitio web realice solicitudes entre dominios a Casdoor como usuario conectado. Debido a un error l\u00f3gico al verificar solo un prefijo al autenticar el encabezado de Origen, cualquier dominio puede crear un subdominio v\u00e1lido con un prefijo de subdominio v\u00e1lido (Ej.: localhost.example.com), permitiendo que el sitio web realice solicitudes a Casdoor como usuario que ha iniciado sesi\u00f3n actualmente."
}
],
"metrics": {

8
CVE-2024/CVE-2024-416xx/CVE-2024-41658.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41658",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-20T21:15:13.910",
"lastModified": "2024-08-20T21:15:13.910",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via wechat pay. When using wechat pay, a QR code with the wechat pay link is displayed on the payment page, hosted on the domain of casdoor. This page takes a query parameter from the url successUrl, and redirects the user to that url after a successful purchase. Because the user has no reason to think that the payment page contains sensitive information, they may share it with other or can be social engineered into sending it to others. An attacker can then craft the casdoor link with a special url and send it back to the user, and once payment has gone though an XSS attack occurs."
},
{
"lang": "es",
"value": "Casdoor es una plataforma de gesti\u00f3n de acceso e identidad (IAM)/inicio de sesi\u00f3n \u00fanico (SSO) basada en la interfaz de usuario. En Casdoor 1.577.0 y versiones anteriores, la URL de compra creada para generar un c\u00f3digo QR de WechatPay es vulnerable al XSS reflejado. Al comprar un art\u00edculo a trav\u00e9s de casdoor, la p\u00e1gina del producto le permite pagar mediante wechat pay. Cuando se utiliza wechat pay, se muestra un c\u00f3digo QR con el enlace de wechat pay en la p\u00e1gina de pago, alojada en el dominio de casdoor. Esta p\u00e1gina toma un par\u00e1metro de consulta de la URL SuccessUrl y redirige al usuario a esa URL despu\u00e9s de una compra exitosa. Debido a que el usuario no tiene motivos para pensar que la p\u00e1gina de pago contiene informaci\u00f3n confidencial, puede compartirla con otros o puede sufrir ingenier\u00eda social para enviarla a otros. Luego, un atacante puede crear el enlace casdoor con una URL especial y envi\u00e1rselo de vuelta al usuario, y una vez que se haya realizado el pago, se produce un ataque XSS."
}
],
"metrics": {

8
CVE-2024/CVE-2024-416xx/CVE-2024-41659.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41659",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-20T20:15:08.207",
"lastModified": "2024-08-20T20:15:08.207",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account."
},
{
"lang": "es",
"value": "Memos es un servicio de toma de notas liviano y que prioriza la privacidad. Existe una configuraci\u00f3n incorrecta de CORS en memos 0.20.1 y versiones anteriores donde se refleja un origen arbitrario con Access-Control-Allow-Credentials establecido en verdadero. Esto puede permitir que un sitio web atacante realice una solicitud de origen cruzado, lo que le permite leer informaci\u00f3n privada o realizar cambios privilegiados en el sistema como cuenta de usuario vulnerable."
}
],
"metrics": {

8
CVE-2024/CVE-2024-417xx/CVE-2024-41773.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41773",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-20T20:15:08.423",
"lastModified": "2024-08-20T20:15:08.423",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls."
},
{
"lang": "es",
"value": "IBM Global Configuration Management 7.0.2 y 7.0.3 podr\u00eda permitir que un usuario autenticado archive una l\u00ednea base global debido a controles de acceso inadecuados."
}
],
"metrics": {

68
CVE-2024/CVE-2024-420xx/CVE-2024-42006.json
View File

@ -2,20 +2,80 @@
"id": "CVE-2024-42006",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T14:15:09.540",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-21T13:26:54.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure."
},
{
"lang": "es",
"value": "Keyfactor AWS Orchestrator hasta 2.0 permite la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:keyfactor:aws_orchestrator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.01",
"matchCriteriaId": "CEB8148F-5A42-4500-9781-DCBB7E9A32F3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

50
CVE-2024/CVE-2024-423xx/CVE-2024-42335.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42335",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-08-20T13:15:05.317",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:49:19.863",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
},
{
"lang": "es",
"value": "7Twenty - CWE-79: Neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\"Cross-site Scripting\")"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -47,10 +71,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:7-twenty:bot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17379E5F-4B89-4197-ACF8-BED7023CBAAA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-423xx/CVE-2024-42361.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42361",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-20T21:15:14.120",
"lastModified": "2024-08-20T21:15:14.120",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection."
},
{
"lang": "es",
"value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Hertzbeat 1.6.0 y versiones anteriores declaran un endpoint /api/monitor/{monitorId}/metric/{metricFull} para descargar m\u00e9tricas de trabajo. En el proceso, ejecuta una consulta SQL con datos controlados por el usuario, lo que permite la inyecci\u00f3n de SQL."
}
],
"metrics": {

8
CVE-2024/CVE-2024-423xx/CVE-2024-42362.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42362",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-20T21:15:14.333",
"lastModified": "2024-08-20T21:15:14.333",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0."
},
{
"lang": "es",
"value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Hertzbeat tiene un RCE autenticado (rol de usuario) mediante una deserializaci\u00f3n insegura en /api/monitors/import. Esta vulnerabilidad se solucion\u00f3 en 1.6.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-423xx/CVE-2024-42363.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42363",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-20T21:15:14.543",
"lastModified": "2024-08-20T21:15:14.543",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385."
},
{
"lang": "es",
"value": "Antes de 3385, el par\u00e1metro de rol controlado por el usuario ingresa a la aplicaci\u00f3n en Kubernetes::RoleVerificationsController. El par\u00e1metro de rol fluye hacia el inicializador RoleConfigFile y luego hacia el m\u00e9todo Kubernetes::Util.parse_file donde se deserializa de forma insegura mediante el m\u00e9todo YAML.load_stream. Este problema puede provocar la ejecuci\u00f3n remota de c\u00f3digo (RCE). Esta vulnerabilidad se soluciona en 3385."
}
],
"metrics": {

62
CVE-2024/CVE-2024-425xx/CVE-2024-42566.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42566",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:07.443",
"lastModified": "2024-08-20T18:35:08.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:47:05.013",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de contrase\u00f1a en login.php"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/95a8f0d24f1d409a14df4c04e0a8c547",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-425xx/CVE-2024-42567.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42567",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:07.540",
"lastModified": "2024-08-20T18:35:09.340",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:46:48.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro sid en /search.php?action=2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/96ba3f6ccd333480aa86e7078c4886d7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-425xx/CVE-2024-42568.json
View File

@ -2,20 +2,81 @@
"id": "CVE-2024-42568",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:07.643",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:46:29.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de transporte en vehicle.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/topsky979/38a30275374ef796ab860795f5df4dac",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-425xx/CVE-2024-42570.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42570",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:07.830",
"lastModified": "2024-08-20T18:35:10.617",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:46:00.837",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit bae5aa de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro medio en admininsert.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/1d9ebca101fc5e30040436d70e522102",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-425xx/CVE-2024-42572.json
View File

@ -2,20 +2,81 @@
"id": "CVE-2024-42572",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.007",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:44:58.823",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro medio en unitmarks.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/topsky979/c4c9508b8b3ed11f098f716d46572295",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-425xx/CVE-2024-42573.json
View File

@ -2,20 +2,81 @@
"id": "CVE-2024-42573",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.097",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:44:48.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro medio en dtmarks.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/topsky979/d44aabca29c1a6a9845fde465b924e79",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-425xx/CVE-2024-42574.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42574",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.193",
"lastModified": "2024-08-20T21:35:05.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:44:39.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro medio en attendance.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/7064f8bbd3977ee665a098efcd0170c0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-425xx/CVE-2024-42575.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42575",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.283",
"lastModified": "2024-08-20T18:35:11.897",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:43:06.420",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de School Management System bae5aa conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro medio en substaff.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arajajyothibabu:school_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-06-20",
"matchCriteriaId": "98CEDB6F-0D88-4FA7-8DE0-114F4080633A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/2fddc00b33b038cd778c1e4fb1936a15",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-425xx/CVE-2024-42577.json
View File

@ -2,20 +2,80 @@
"id": "CVE-2024-42577",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.477",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:39:36.670",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges."
},
{
"lang": "es",
"value": "Una Cross-Site Request Forgery (CSRF) en el componente add_product.php de Warehouse Inventory System v2.0 permite a los atacantes escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6228DEE1-8E9A-4EC8-9796-41C85AE4F6EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/topsky979/20ad7b251f2905db38e7a6566b1d46cc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-425xx/CVE-2024-42579.json
View File

@ -2,20 +2,80 @@
"id": "CVE-2024-42579",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.687",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:39:19.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges."
},
{
"lang": "es",
"value": "Una Cross-Site Request Forgery (CSRF) en el componente add_group.php de Warehouse Inventory System v2.0 permite a los atacantes escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6228DEE1-8E9A-4EC8-9796-41C85AE4F6EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/topsky979/ed59fb8b35a220dfa064a3a3cb1ecb1b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-425xx/CVE-2024-42580.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42580",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.793",
"lastModified": "2024-08-20T19:35:11.603",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:39:07.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges."
},
{
"lang": "es",
"value": "Una Cross-Site Request Forgery (CSRF) en el componente edit_group.php de Warehouse Inventory System v2.0 permite a los atacantes escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6228DEE1-8E9A-4EC8-9796-41C85AE4F6EA"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/8a05309486637d8c6ce8c6624ec1e897",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-425xx/CVE-2024-42581.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42581",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.890",
"lastModified": "2024-08-20T21:35:07.197",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:38:50.380",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges."
},
{
"lang": "es",
"value": "Una Cross-Site Request Forgery (CSRF) en el componente delete_group.php de Warehouse Inventory System v2.0 permite a los atacantes escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6228DEE1-8E9A-4EC8-9796-41C85AE4F6EA"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/2bd26343ccdff7c759f62d332c8caff6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-425xx/CVE-2024-42582.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42582",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:08.987",
"lastModified": "2024-08-20T18:35:13.170",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:38:36.603",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges."
},
{
"lang": "es",
"value": "Una Cross-Site Request Forgery (CSRF) en el componente delete_categorie.php de Warehouse Inventory System v2.0 permite a los atacantes escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6228DEE1-8E9A-4EC8-9796-41C85AE4F6EA"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/c0d78b257ce1e661be30de1ce9551d27",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-425xx/CVE-2024-42583.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-42583",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:09.077",
"lastModified": "2024-08-20T18:35:14.437",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:38:19.947",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges."
},
{
"lang": "es",
"value": "Una Cross-Site Request Forgery (CSRF) en el componente delete_user.php de Warehouse Inventory System v2.0 permite a los atacantes escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -47,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6228DEE1-8E9A-4EC8-9796-41C85AE4F6EA"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/dac0206b8de14763bdbe2b6bb7020cdc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-425xx/CVE-2024-42584.json
View File

@ -2,20 +2,80 @@
"id": "CVE-2024-42584",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T13:15:09.173",
"lastModified": "2024-08-20T15:44:20.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-21T13:37:57.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges."
},
{
"lang": "es",
"value": "Una Cross-Site Request Forgery (CSRF) en el componente delete_product.php de Warehouse Inventory System v2.0 permite a los atacantes escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6228DEE1-8E9A-4EC8-9796-41C85AE4F6EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/topsky979/6037eaac5749430c29cf15fdd9df0ba5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-425xx/CVE-2024-42598.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42598",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T16:15:11.727",
"lastModified": "2024-08-20T16:15:11.727",
"vulnStatus": "Received",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges."
},
{
"lang": "es",
"value": "SeaCMS 13.0 tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. La raz\u00f3n de esta vulnerabilidad es que, aunque admin_editplayer.php impone restricciones a los archivos editados, los atacantes a\u00fan pueden eludir estas restricciones y escribir c\u00f3digo, lo que permite a los atacantes autenticados explotar la vulnerabilidad para ejecutar comandos arbitrarios y obtener privilegios del sistema."
}
],
"metrics": {},

Some files were not shown because too many files have changed in this diff Show More